VAR-200306-0061
Vulnerability from variot - Updated: 2025-04-03 22:37
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. Versions 10.2 and later of Apple's Mac OS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of Mac OS X handle authentication in certain environments could expose users' passwords in plaintext as they are transmitted across the network. It has been reported that Mac OS X may leak plaintext passwords in a network that uses Kerberos. This could allow an attacker to gain unauthorized access to systems. Mac OS X is an operating system used on Mac machines, based on the BSD system. After authenticating the user with an encrypted password, the login window returns and attempts a simple bind to the server; that bind transmits the account password in clear text.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "BID",
"id": "7832"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0378",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7207",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0378",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#467828",
"trust": 0.8,
"value": "7.76"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7207",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "VULHUB",
"id": "VHN-7207"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. Versions 10.2 and later of Apple\u0027s MacOS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose user\u0027s passwords in plaintext as they\u0027re transmitted across the network. It has been reported that Mac OS X may leak plain text passwords in a network that uses Kerberos. This could allow an attacker to gain unauthorized access to systems. Mac OS X is an operating system used on Mac machines, based on the BSD system. After authenticating the user with an encrypted password, the login window returns and attempts a simple bind to the server that transmits the account password in clear text",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0378"
},
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "BID",
"id": "7832"
},
{
"db": "VULHUB",
"id": "VHN-7207"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#467828",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2003-0378",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "8945",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1006922",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078",
"trust": 0.7
},
{
"db": "BID",
"id": "7832",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-7207",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "VULHUB",
"id": "VHN-7207"
},
{
"db": "BID",
"id": "7832"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"id": "VAR-200306-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7207"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:35.976000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://docs.info.apple.com/article.html?artnum=107579"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/467828"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/8945/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2003/jun/1006922.html"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120223"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "VULHUB",
"id": "VHN-7207"
},
{
"db": "BID",
"id": "7832"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#467828"
},
{
"db": "VULHUB",
"id": "VHN-7207"
},
{
"db": "BID",
"id": "7832"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-04T00:00:00",
"db": "CERT/CC",
"id": "VU#467828"
},
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7207"
},
{
"date": "2003-06-05T00:00:00",
"db": "BID",
"id": "7832"
},
{
"date": "2003-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-23T00:00:00",
"db": "CERT/CC",
"id": "VU#467828"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-7207"
},
{
"date": "2009-07-11T22:06:00",
"db": "BID",
"id": "7832"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-078"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS X LDAP plugins transmit user credentials in clear text",
"sources": [
{
"db": "CERT/CC",
"id": "VU#467828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "7832"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-078"
}
],
"trust": 0.9
}
}