Vulnerability Name: CVE-2003-0378 (CCN-12190)
Assigned: 2003-05-27
Published: 2003-05-27
Updated: 2008-09-05
Summary: The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2003-0378
Source: CCN Type: AppleCare Knowledge Base Document 107579 Mac OS X Server: How to Avoid Sending Clear Passwords in a Kerberos Environment With LDAPv3
Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=107579
Source: CCN Type: AppleCare Knowledge Base Document 120223 Security Update 2003-06-09: Information and Download
Source: CCN Type: US-CERT VU#467828 Mac OS X LDAP plugins transmit user credentials in clear text
Source: CERT-VN Type: Exploit, Patch, Third Party Advisory, US Government Resource VU#467828
Source: CCN Type: OSVDB ID: 4867 Apple Mac OS X Kerberos Login Password Exposure
Source: CCN Type: BID-7832 Apple Mac OS X Server LDAP Authentication Clear Text Passwords Vulnerability
Source: XF Type: UNKNOWN macos-ldap-plaintext-password(12190)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: