CVE-2009-2836Race Condition in Apple MAC OS X

CWE-362Race Condition3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 88.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedNov 10
Latest updateMay 2

Description

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.6, 10.6.1+1
NVDapple/mac_os_x_server10.6, 10.6.1+1

Patches

Patch: support.apple.comPatch: www.securityfocus.comPatch: support.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-xqhc-47rf-rgjc: Race condition in Login Window in Apple Mac OS X 102022-05-02
CVEList
CVE-2009-2836: Race condition in Login Window in Apple Mac OS X 102009-11-10
CVE-2009-2836 — Race Condition in Apple MAC OS X | cvebase