Vulnerabilities > CVE-2001-1565 - Authentication Credentials Disclosure vulnerability in Apple Mac OS X PPP

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

apple

NVD

Published: 2001-12-31

Updated: 2008-09-05

Summary

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.0 Apple MAC OS X 10.1 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5	7

References

http://www.iss.net/security_center/static/7750.php
http://www.macsecurity.org/pipermail/macsec/2001-December/000299.html
http://www.securityfocus.com/bid/3753