Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-10-14 03:55
Updated : 2017-08-28 18:30
NVD link : CVE-2011-3436
Mitre link : CVE-2011-3436
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
apple
- mac_os_x
- mac_os_x_server