Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
Max CVSS
6.3
EPSS Score
0.27%
Published
2008-09-16
Updated
2017-08-08
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
Max CVSS
7.6
EPSS Score
0.25%
Published
2008-09-16
Updated
2017-08-08
2 vulnerabilities found