Vulnerability Description
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 0.8 |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=307563
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://secunia.com/advisories/29393
- http://www.securityfocus.com/bid/28290
- http://www.securityfocus.com/bid/28326
- http://www.securitytracker.com/id?1019656
- http://www.us-cert.gov/cas/techalerts/TA08-079A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/0920/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41329
- http://docs.info.apple.com/article.html?artnum=307563
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://secunia.com/advisories/29393
- http://www.securityfocus.com/bid/28290
- http://www.securityfocus.com/bid/28326
- http://www.securitytracker.com/id?1019656
FAQ
What is CVE-2008-1005?
CVE-2008-1005 is a vulnerability with a CVSS score of 2.1 (LOW). WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to rea...
How severe is CVE-2008-1005?
CVE-2008-1005 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1005?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.