CVE-2003-0601 | Vulnerability Database | Aqua Security

Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x_server	Apple	10.2 (including)	10.2 (including)
Mac_os_x_server	Apple	10.2.1 (including)	10.2.1 (including)
Mac_os_x_server	Apple	10.2.2 (including)	10.2.2 (including)
Mac_os_x_server	Apple	10.2.3 (including)	10.2.3 (including)
Mac_os_x_server	Apple	10.2.4 (including)	10.2.4 (including)
Mac_os_x_server	Apple	10.2.5 (including)	10.2.5 (including)
Mac_os_x_server	Apple	10.2.6 (including)	10.2.6 (including)

References

http://docs.info.apple.com/article.html?artnum=25631
http://www.securityfocus.com/bid/8266
https://exchange.xforce.ibmcloud.com/vulnerabilities/12728
http://docs.info.apple.com/article.html?artnum=25631
http://www.securityfocus.com/bid/8266
https://exchange.xforce.ibmcloud.com/vulnerabilities/12728

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0601
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html