CVE-2013-5143 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-5143

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.

Affected Software

Name	Vendor	Start Version	End Version
Os_x_server	Apple	*	2.2.2 (including)
Os_x_server	Apple	2.0 (including)	2.0 (including)
Os_x_server	Apple	2.1 (including)	2.1 (including)
Os_x_server	Apple	2.1.1 (including)	2.1.1 (including)
Os_x_server	Apple	2.2 (including)	2.2 (including)
Os_x_server	Apple	2.2.1 (including)	2.2.1 (including)

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html