Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006) (uncredentialed check)

High Nessus Plugin ID 49308


The remote host is missing a Mac OS X update that fixes a security issue.


The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied.

This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access AFP shared folders.

Note that this issue is only exploitable when File Sharing is enabled, and it is not by default.


Install Security Update 2010-006 or later.

See Also

Plugin Details

Severity: High

ID: 49308

File Name: afp_malformed_password.nbin

Version: $Revision: 1.28 $

Type: remote

Family: Misc.

Published: 2010/09/21

Modified: 2018/01/29

Dependencies: 10666

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: AFP/hostname

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/20

Vulnerability Publication Date: 2010/09/20

Reference Information

CVE: CVE-2010-1820

BID: 43341

OSVDB: 68153