CVE-2010-1820

Apple Mac OS X - Authentication Bypass

Title source: rule

Description

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

References (4)

[Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2010/Sep/msg00004.html

[Vendor Advisory] http://support.apple.com/kb/HT4361

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/43341

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12109

Scores

EPSS 0.0032

EPSS Percentile 54.8%

Classification

CWE

CWE-287

Status draft

Affected Products (10)

apple/mac_os_x

apple/mac_os_x_server

Timeline

Published Sep 21, 2010

Tracked Since Feb 18, 2026