| Vulnerability Name: | CVE-2004-0622 (CCN-16557) | ||||||||
| Assigned: | 2004-06-25 | ||||||||
| Published: | 2004-06-25 | ||||||||
| Updated: | 2018-10-19 | ||||||||
| Summary: | Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Jun 25 2004 - 04:48:21 CDT Mac OS X stores login/Keychain/FileVault passwords on disk Source: MISC Type: UNKNOWN http://citp.princeton.edu/pub/coldboot.pdf Source: MITRE Type: CNA CVE-2004-0622 Source: BUGTRAQ Type: UNKNOWN 20040625 Mac OS X stores login/Keychain/FileVault passwords on disk Source: CCN Type: OSVDB ID: 15017 Apple Mac OS X Improper Memory Clearing Cleartext Credential Disclosure Source: BUGTRAQ Type: UNKNOWN 20080228 Loginwindow.app and Mac OS X Source: BUGTRAQ Type: UNKNOWN 20080229 Re: Loginwindow.app and Mac OS X Source: XF Type: UNKNOWN macos-memory-view-passwords(16557) Source: XF Type: UNKNOWN macos-memory-view-passwords(16557) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||