CVE-2013-5181 - Cryptographic Issues vulnerability in Apple Mac OS X
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 7 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_9.NASL |
description | The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70561 |
published | 2013-10-23 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70561 |
title | Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST) |
Seebug
bulletinFamily | exploit |
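description | BUGTRAQ ID: 63350 CVE(CAN) ID: CVE-2013-5181 OS X (formerly Mac OS X) is the latest version of the proprietary operating system developed by Apple for Macintosh computers. The auto-configuration feature of Mail in versions before OS X 10.9 contains a security vulnerability: it selects plaintext authentication for servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. 0 Apple Mac OS X < 10.9 Vendor patch: Apple ----- Apple has released a security advisory (msg00004) and a corresponding patch for this issue: msg00004: APPLE-SA-2013-10-22-3 OS X Mavericks v10.9 Link: http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html |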
id | SSV:61069 |
last seen | 2017-11-19 |
modified | 2013-10-31 |
published | 2013-10-31 |
reporter | Root |
title | Apple Mac OS X Insecure Authentication Vulnerability (CVE-2013-5181) |