Vulnerability Details : CVE-2008-3611
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2008-3611
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3611
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.3
|
MEDIUM | AV:L/AC:M/Au:N/C:N/I:C/A:C |
3.4
|
9.2
|
NIST |
CWE ids for CVE-2008-3611
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3611
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://www.securityfocus.com/bid/31189
- http://securitytracker.com/id?1020878
-
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
US Government Resource
-
http://www.vupen.com/english/advisories/2008/2584
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
Products affected by CVE-2008-3611
- cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*