CVE-2009-0152 — Cleartext Storage of Sensitive Info in Apple MAC OS X

CWE-312 — Cleartext Storage of Sensitive Info CWE-311 — Missing Encryption of Sensitive Data5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMay 13

Latest updateMay 2

Description

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapple/mac_os_x10.5.0 — 10.5.7

▶NVDapple/mac_os_x_server10.5.0 — 10.5.7

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-3g7h-7745-2cmg: iChat in Apple Mac OS X 10↗2022-05-02

▶

CVEList

CVE-2009-0152: iChat in Apple Mac OS X 10↗2009-05-13

▶

📐Framework References

CWE

Missing Encryption of Sensitive Data↗

▶

CWE

Cleartext Storage of Sensitive Information↗

▶