Vulnerability Name: | CVE-2008-1005 (CCN-41329) | ||||||||
Assigned: | 2008-03-18 | ||||||||
Published: | 2008-03-18 | ||||||||
Updated: | 2017-08-08 | ||||||||
Summary: | WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-200 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2008-1005 Source: CCN Type: Apple Web site About the security content of Safari 3.1 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307563 Source: APPLE Type: UNKNOWN APPLE-SA-2008-03-18 Source: CCN Type: SA29393 Apple Safari Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 29393 Source: CCN Type: SECTRACK ID: 1019656 Safari Discloses Password Field to Local Users Source: CCN Type: OSVDB ID: 43362 Apple Safari WebCore Kotoeri Input Method Password Disclosure Source: BID Type: UNKNOWN 28290 Source: CCN Type: BID-28290 RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities Source: BID Type: UNKNOWN 28326 Source: CCN Type: BID-28326 Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1019656 Source: CERT Type: US Government Resource TA08-079A Source: VUPEN Type: UNKNOWN ADV-2008-0920 Source: XF Type: UNKNOWN safari-webcore-weak-security(41329) Source: XF Type: UNKNOWN safari-webcore-weak-security(41329) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |