CVE-2010-0512

HIGH

Description

The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://support.apple.com/kb/HT4077

http://www.securityfocus.com/bid/39153

Details

Source: MITRE

Published: 2010-03-30

Updated: 2010-05-21

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH