CVE-2001-1565 — Invocation of Process Using Visible Sensitive Information in Apple MAC OS X

CWE-214 — Invocation of Process Using Visible Sensitive Information3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 60.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedDec 31

Latest updateApr 30

Description

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/mac_os_x7 versions+6

🔴Vulnerability Details

GHSA

GHSA-96wg-qq88-9qfh: Point to Point Protocol daemon (pppd) in MacOS x 10↗2022-04-30

▶

📐Framework References

CWE

Invocation of Process Using Visible Sensitive Information↗

▶