CVE-2008-3611
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
La Ventana de Inicio de Sesión en Mac OS X versión 10.4.11 de Apple, no borra la contraseña actual cuando un usuario realiza un intento de cambio de contraseña que es negado por la política, lo que permite a los atacantes oportunistas, físicamente cercanos, omitir la autenticación y cambiar la contraseña de este usuario mediante un ingreso posterior a una nueva contraseña aceptable en la misma pantalla de inicio de sesión.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-12 CVE Reserved
- 2008-09-16 CVE Published
- 2024-02-20 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1020878 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-260A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45171 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/31189 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html | 2017-08-08 | |
| http://secunia.com/advisories/31882 | 2017-08-08 | |
| http://www.vupen.com/english/advisories/2008/2584 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.11 Search vendor "Apple" for product "Mac Os X" and version "10.4.11" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.4.11 Search vendor "Apple" for product "Mac Os X Server" and version "10.4.11" | - |
Affected
| ||||||