CVE-2008-1005 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 19

Latest updateMay 1

Description

WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari16 versions+15

🔴Vulnerability Details

GHSA

GHSA-qf29-g3vw-qh22: WebCore, as used in Apple Safari before 3↗2022-05-01

▶