Vulnerability Details : CVE-2010-0512
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
Exploit prediction scoring system (EPSS) score for CVE-2010-0512
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0512
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
nvd@nist.gov |
CWE ids for CVE-2010-0512
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0512
-
http://support.apple.com/kb/HT4077
About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple SupportPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/39153
Apple Mac OS X Preferences System Login Restrictions Authentication Bypass Security Vulnerability
-
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Apple - Lists.apple.comPatch;Vendor Advisory
Products affected by CVE-2010-0512
- cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*