The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
Source: MITRE
Published: 2015-09-18
Updated: 2016-12-22
Type: NVD-CWE-Other
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM