Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006) (uncredentialed check)
High Nessus Plugin ID 49308
SynopsisThe remote host is missing a Mac OS X update that fixes a security issue.
DescriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied.
This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access AFP shared folders.
Note that this issue is only exploitable when File Sharing is enabled, and it is not by default.
SolutionInstall Security Update 2010-006 or later.