CVE-2013-5136

Apple Remote Desktop <3.7 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html

Scores

EPSS 0.0106
EPSS Percentile 60.5%

Details

CWE
CWE-200
Status published
Products (17)
apple/apple_remote_desktop 3.0.0
apple/apple_remote_desktop 3.1
apple/apple_remote_desktop 3.2
apple/apple_remote_desktop 3.2.1
apple/apple_remote_desktop 3.2.2
apple/apple_remote_desktop 3.3
apple/apple_remote_desktop 3.3.1
apple/apple_remote_desktop 3.3.2
apple/apple_remote_desktop 3.4
apple/apple_remote_desktop 3.5
... and 7 more
Published Oct 24, 2013
Tracked Since Feb 18, 2026