CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x	Apple	10.6.1 (including)	10.6.1 (including)
Mac_os_x	Apple	10.6.2 (including)	10.6.2 (including)
Mac_os_x_server	Apple	*	10.6.2 (including)
Mac_os_x_server	Apple	10.5 (including)	10.5 (including)
Mac_os_x_server	Apple	10.5.0 (including)	10.5.0 (including)
Mac_os_x_server	Apple	10.5.1 (including)	10.5.1 (including)
Mac_os_x_server	Apple	10.5.2 (including)	10.5.2 (including)
Mac_os_x_server	Apple	10.5.3 (including)	10.5.3 (including)
Mac_os_x_server	Apple	10.5.4 (including)	10.5.4 (including)
Mac_os_x_server	Apple	10.5.5 (including)	10.5.5 (including)
Mac_os_x_server	Apple	10.5.6 (including)	10.5.6 (including)
Mac_os_x_server	Apple	10.5.7 (including)	10.5.7 (including)
Mac_os_x_server	Apple	10.5.8 (including)	10.5.8 (including)
Mac_os_x_server	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x_server	Apple	10.6.1 (including)	10.6.1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0521
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2010-0521

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References