CVE-2003-0881 — Apple MAC OS X vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedNov 3

Latest updateApr 29

Description

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/mac_os_x10.3

Patches

Patch: docs.info.apple.com ↗Patch: docs.info.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-5v56-57g8-p27v: Mail in Mac OS X before 10↗2022-04-29

▶

📋Vendor Advisories

Red Hat

jabberd: DoS via the XML "billion laughs attack"↗2011-05-31

▶