Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2326

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2326
Last Modified 05 Sep 2008 04:32:55
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2326

Summary

The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.0

  • Apple Mac Os X 10.0.1

  • Apple Mac Os X 10.0.2

  • Apple Mac Os X 10.0.3

  • Apple Mac Os X 10.0.4

  • Apple Mac Os X 10.1

  • Apple Mac Os X 10.1.1

  • Apple Mac Os X 10.1.2

  • Apple Mac Os X 10.1.3

  • Apple Mac Os X 10.1.4

  • Apple Mac Os X 10.1.5


References

BID - 5303

XF - macos-idisk-insecure-password(9670)

BUGTRAQ - 20020724 Re: Apple OSX and iDisk and Mail.app

BUGTRAQ - 20020724 Apple OSX and iDisk and Mail.app


Last Updated: 27 May 2016 10:37:42