CVE-2012-0675

Apple Mac OS X <10.7.4 - Info Disclosure

Title source: llm

Description

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

References (3)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

[Vendor Advisory] http://support.apple.com/kb/HT5281

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53445

Scores

EPSS 0.0050

EPSS Percentile 65.9%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

apple/mac_os_x < 10.7.3

apple/mac_os_x

... and 35 more

Timeline

Published May 11, 2012

Tracked Since Feb 18, 2026