CVE-2014-4425 — Improper Authentication in Apple MAC OS X

CWE-287 — Improper Authentication2 documents2 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 80.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedOct 18

Latest updateMay 17

Description

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/mac_os_x10.9.5

🔴Vulnerability Details

GHSA

GHSA-435c-qjc2-826c: CFPreferences in Apple OS X before 10↗2022-05-17

▶