CVE-2001-1412

macOS X < 10.3 - Unauthenticated Password File Read via nidump passwd Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1412. PoCs published by Steven Kreuzer.

AI-analyzed exploit summary This is a writeup describing a vulnerability in MacOS X where the `nidump` utility can be used to extract sensitive information, including passwords, from the NetInfo database. The issue arises due to improper file permissions and can be exploited remotely if certain conditions are met.

Description

nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Steven Kreuzer · textremoteosx
https://www.exploit-db.com/exploits/20984

This is a writeup describing a vulnerability in MacOS X where the `nidump` utility can be used to extract sensitive information, including passwords, from the NetInfo database. The issue arises due to improper file permissions and can be exploited remotely if certain conditions are met.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apple MacOS X (all versions)
No auth needed
Prerequisites: portmap and netinfobind must be listening on the target host · remote tags must be used for nidump
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1001946
Exploit, Vendor Advisory x_refsource_misc
http://www.securiteam.com/securityreviews/5QP032A4UU.html
Patch, Vendor Advisory x_refsource_misc
http://www.securemac.com/macosxnidump.php
Vendor Advisory mailing-list x_refsource_bugtraq
http://lists.insecure.org/lists/bugtraq/2002/Sep/0128.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99953038722104&w=2

Scores

EPSS 0.0103
EPSS Percentile 59.7%

Details

Status published
Products (1)
apple/mac_os_x 10.4.9
Published Nov 17, 2003
Tracked Since Feb 18, 2026