Vulnerability Details CVE-2008-3617
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://securitytracker.com/id?1020882
- http://www.securityfocus.com/bid/31189
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.vupen.com/english/advisories/2008/2584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45174
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://securitytracker.com/id?1020882
- http://www.securityfocus.com/bid/31189
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.vupen.com/english/advisories/2008/2584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45174
Products affected by CVE-2008-3617
-
cpe:2.3:o:apple:mac_os_x:10.5
-
cpe:2.3:o:apple:mac_os_x:10.5.1
-
cpe:2.3:o:apple:mac_os_x:10.5.2
-
cpe:2.3:o:apple:mac_os_x:10.5.3
-
cpe:2.3:o:apple:mac_os_x:10.5.4
-
cpe:2.3:o:apple:mac_os_x_server:10.5
-
cpe:2.3:o:apple:mac_os_x_server:10.5.1
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2
-
cpe:2.3:o:apple:mac_os_x_server:10.5.3
-
cpe:2.3:o:apple:mac_os_x_server:10.5.4