CVE-2010-1413 | Vulnerability Database | Aqua Security

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	4.0.5 (including)
Safari	Apple	4.0 (including)	4.0 (including)
Safari	Apple	4.0.0b (including)	4.0.0b (including)
Safari	Apple	4.0.1 (including)	4.0.1 (including)
Safari	Apple	4.0.2 (including)	4.0.2 (including)
Safari	Apple	4.0.3 (including)	4.0.3 (including)
Safari	Apple	4.0.4 (including)	4.0.4 (including)
Webkit	Apple	*	*
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*

References

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40105
http://secunia.com/advisories/43068
http://securitytracker.com/id?1024067
http://support.apple.com/kb/HT4196
http://support.apple.com/kb/HT4225
http://www.securityfocus.com/bid/40620
http://www.securityfocus.com/bid/40733
http://www.vupen.com/english/advisories/2010/1373
http://www.vupen.com/english/advisories/2011/0212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7255

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1413
CWE	https://cwe.mitre.org/data/definitions/310.html