CVE-2010-1820Improper Authentication in Apple MAC OS X

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 44.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedSep 21
Latest updateMay 17

Description

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDapple/mac_os_x_server5 versions+4
NVDapple/mac_os_x5 versions+4

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-gmcr-rvvr-3pv2: Apple Filing Protocol (AFP) Server in Apple Mac OS X 102022-05-17
CVEList
CVE-2010-1820: Apple Filing Protocol (AFP) Server in Apple Mac OS X 102010-09-21
CVE-2010-1820 — Improper Authentication in Apple | cvebase