CVE Vulnerabilities

CVE-2010-1838

Improper Authentication

Published: Nov 15, 2010 | Modified: Jan 12, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.5.8 10.5.8
Mac_os_x Apple 10.6.3 10.6.3
Mac_os_x Apple 10.6.1 10.6.1
Mac_os_x Apple 10.6.0 10.6.0
Mac_os_x Apple 10.6.2 10.6.2
Mac_os_x Apple 10.6.4 10.6.4

Potential Mitigations

References