Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for 802.11n by apple

    VAR-200306-0002

    Vulnerability from variot - Updated: 2025-04-03 22:39

    The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol.

    The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information.

    AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed.

    If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200306-0002",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "802.11n",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "7.3.1"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "none",
            "version": null
          },
          {
            "model": "airport base station",
            "scope": null,
            "trust": 0.3,
            "vendor": "apple",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jeremy Rauch\u203b jrauch@atstake.com\u203bDave G\u203b daveg@atstake.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2003-0270",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CVE-2003-0270",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "VHN-7099",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2003-0270",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200306-074",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-7099",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol. \n\n\u00a0The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information. \n\n\u00a0AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed. \n\n\u00a0If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2003-0270",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "7554",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1006742",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "8773",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "11980",
            "trust": 0.6
          },
          {
            "db": "ATSTAKE",
            "id": "A051203-1",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-7099",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "id": "VAR-200306-0002",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          }
        ],
        "trust": 0.48026314999999997
      },
      "last_update_date": "2025-04-03T22:39:58.221000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/7554"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1006742"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/8773"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/11980"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/airport/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-05-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "date": "2003-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "date": "2003-05-12T00:00:00",
            "db": "BID",
            "id": "7554"
          },
          {
            "date": "2003-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "date": "2003-06-16T04:00:00",
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-05-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7099"
          },
          {
            "date": "2009-07-11T22:06:00",
            "db": "BID",
            "id": "7554"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2003-0270"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apple AirPort administrator password encryption vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "7554"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-074"
          }
        ],
        "trust": 0.9
      }
    }

    CVE-2003-0270 (GCVE-0-2003-0270)

    Vulnerability from nvd – Published: 2003-05-14 04:00 – Updated: 2024-08-08 01:50
    VLAI
    Summary
    The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/8773 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1006742 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/7554 vdb-entryx_refsource_BID
    http://www.atstake.com/research/advisories/2003/a… vendor-advisoryx_refsource_ATSTAKE
    Date Public
    2003-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:50:47.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "airport-auth-credentials-disclosure(11980)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
              },
              {
                "name": "8773",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/8773"
              },
              {
                "name": "1006742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1006742"
              },
              {
                "name": "7554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7554"
              },
              {
                "name": "A051203-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "airport-auth-credentials-disclosure(11980)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
            },
            {
              "name": "8773",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/8773"
            },
            {
              "name": "1006742",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1006742"
            },
            {
              "name": "7554",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7554"
            },
            {
              "name": "A051203-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "airport-auth-credentials-disclosure(11980)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
                },
                {
                  "name": "8773",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/8773"
                },
                {
                  "name": "1006742",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1006742"
                },
                {
                  "name": "7554",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7554"
                },
                {
                  "name": "A051203-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0270",
        "datePublished": "2003-05-14T04:00:00.000Z",
        "dateReserved": "2003-05-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:50:47.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0270 (GCVE-0-2003-0270)

    Vulnerability from cvelistv5 – Published: 2003-05-14 04:00 – Updated: 2024-08-08 01:50
    VLAI
    Summary
    The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/8773 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1006742 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/7554 vdb-entryx_refsource_BID
    http://www.atstake.com/research/advisories/2003/a… vendor-advisoryx_refsource_ATSTAKE
    Date Public
    2003-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:50:47.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "airport-auth-credentials-disclosure(11980)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
              },
              {
                "name": "8773",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/8773"
              },
              {
                "name": "1006742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1006742"
              },
              {
                "name": "7554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7554"
              },
              {
                "name": "A051203-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "airport-auth-credentials-disclosure(11980)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
            },
            {
              "name": "8773",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/8773"
            },
            {
              "name": "1006742",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1006742"
            },
            {
              "name": "7554",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7554"
            },
            {
              "name": "A051203-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "airport-auth-credentials-disclosure(11980)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
                },
                {
                  "name": "8773",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/8773"
                },
                {
                  "name": "1006742",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1006742"
                },
                {
                  "name": "7554",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7554"
                },
                {
                  "name": "A051203-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0270",
        "datePublished": "2003-05-14T04:00:00.000Z",
        "dateReserved": "2003-05-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:50:47.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }