CVE Vulnerabilities

CVE-2013-5163

Improper Authentication

Published: Oct 04, 2013 | Modified: Oct 07, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.6 MEDIUM
AV:L/AC:L/Au:N/C:N/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.8.3 10.8.3
Mac_os_x Apple * 10.8.5
Mac_os_x Apple 10.8.4 10.8.4
Mac_os_x Apple 10.8.1 10.8.1
Mac_os_x Apple 10.8.0 10.8.0
Mac_os_x Apple 10.8.2 10.8.2

Potential Mitigations

References