CVE-2017-2488

HIGH

Apple Remote Desktop < 3.9 - Cleartext Password Exposure via Weak Authentication Protocol

Title source: llm
STIX 2.1

Description

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT207622

Scores

CVSS v3 7.5
EPSS 0.0059
EPSS Percentile 43.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-327
Status published
Products (1)
apple/remote_desktop < 3.9
Published Dec 23, 2021
Tracked Since Feb 18, 2026