Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-09-16T23:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-08-12T00:00:00
Link: CVE-2008-3611
JSON object: View
NVD Information
Status : Modified
Published: 2008-09-16T23:00:01.133
Modified: 2017-08-08T01:32:02.090
Link: CVE-2008-3611
JSON object: View
Redhat Information
No data.
CWE