Vulnerabilities > CVE-2015-3799 - Credentials Management vulnerability in Apple mac OS X
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | MacOS X Local Security Checks |
| NASL id | MACOSX_10_10_5.NASL |
| description | The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 85408 |
| published | 2015-08-17 |
| reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/85408 |
| title | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities |