Vulnerability Description
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.4.11 |
| Apple | Mac Os X Server | 10.4.11 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://secunia.com/advisories/31882Vendor Advisory
- http://securitytracker.com/id?1020878
- http://www.securityfocus.com/bid/31189Patch
- http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/2584Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://secunia.com/advisories/31882Vendor Advisory
- http://securitytracker.com/id?1020878
- http://www.securityfocus.com/bid/31189Patch
- http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/2584Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
FAQ
What is CVE-2008-3611?
CVE-2008-3611 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attack...
How severe is CVE-2008-3611?
CVE-2008-3611 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3611?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.