Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1005

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-1005
Last Modified 07 Mar 2011 10:05:47
Published 18 Mar 2008 08:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1005

Summary

WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.2

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4


References

CERT - TA08-079A

XF - safari-webcore-weak-security(41329)

VUPEN - ADV-2008-0920

APPLE - APPLE-SA-2008-03-18

SECTRACK - 1019656

BID - 28326

BID - 28290

SECUNIA - 29393

CONFIRM - http://docs.info.apple.com/article.html?artnum=307563

Related Patches

Apple 2008-03-18 Safari Update 3.1 (Tiger PPC)

Apple 2008-03-18 Safari Update 3.1 (Leopard)

Apple 2008-03-18 Safari Update 3.1 (Tiger Intel)


Last Updated: 27 May 2016 10:46:58