CVE-2017-2488Use of a Broken or Risky Cryptographic Algorithm in Apple Remote Desktop

CWE-327Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Remote DesktopApple Remote Desktop
Timeline
PublishedDec 23
Latest updateDec 24

Description

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/apple_remote_desktopunspecified3.9

🔴Vulnerability Details

2
GHSA
GHSA-vg4h-72cx-f756: A cryptographic weakness existed in the authentication protocol of Remote Desktop2021-12-24
CVEList
CVE-2017-2488: A cryptographic weakness existed in the authentication protocol of Remote Desktop2021-12-23

📋Vendor Advisories

1
Apple
CVE-2017-2488: Apple Remote Desktop 3.92017-02-21
CVE-2017-2488 — Apple Remote Desktop vulnerability | cvebase