An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100993 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039427 | Third Party Advisory VDB Entry |
https://support.apple.com/HT208144 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2017-10-23T01:00:00
Updated: 2017-10-23T09:57:01
Reserved: 2017-03-17T00:00:00
Link: CVE-2017-7143
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-23T01:29:13.957
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-7143
JSON object: View
Redhat Information
No data.