Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3610

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Sep, 2008 | 23:00
Updated At-07 Aug, 2024 | 09:45
Rejected At-
Credits

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Sep, 2008 | 23:00
Updated At:07 Aug, 2024 | 09:45
Rejected At:
▼CVE Numbering Authority (CNA)

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/31189
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/45170
vdb-entry
x_refsource_XF
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
vendor-advisory
x_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
third-party-advisory
x_refsource_CERT
http://securitytracker.com/id?1020878
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/2584
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31882
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/31189
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45170
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-260A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://securitytracker.com/id?1020878
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2008/2584
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31882
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/31189
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/45170
vdb-entry
x_refsource_XF
x_transferred
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://securitytracker.com/id?1020878
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2008/2584
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31882
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31189
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45170
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-260A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://securitytracker.com/id?1020878
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2584
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31882
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Sep, 2008 | 23:00
Updated At:08 Aug, 2017 | 01:32

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>mac_os_x>>10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.1
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.2
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.3
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.4
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlcve@mitre.org
Patch
http://secunia.com/advisories/31882cve@mitre.org
N/A
http://securitytracker.com/id?1020878cve@mitre.org
N/A
http://www.securityfocus.com/bid/31189cve@mitre.org
Patch
http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2008/2584cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/45170cve@mitre.org
N/A
Hyperlink: http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://secunia.com/advisories/31882
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1020878
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31189
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-260A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/2584
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45170
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

214Records found
CVE-2009-0138
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-3463
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.74%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-44127
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.71%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-12 Dec, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiphone_osipados
CWE ID-CWE-287
Improper Authentication
CVE-2024-40794
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 62.66%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadossafariSafarimacOSiOS and iPadOS
CWE ID-CWE-287
Improper Authentication
CVE-2024-27835
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.4||LOW
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 23:00
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiphone_osipad_os
CWE ID-CWE-287
Improper Authentication
CVE-2017-3167
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-8.46% / 91.98%
||
7 Day CHG+0.35%
Published-20 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.The Apache Software FoundationOracle CorporationApple Inc.NetApp, Inc.
Product-oncommand_unified_managerenterprise_linux_desktopenterprise_linux_server_aussecure_global_desktopenterprise_linux_server_tusjboss_core_servicesenterprise_linux_eusclustered_data_ontapenterprise_linux_workstationstoragegridenterprise_linuxenterprise_linux_serverdebian_linuxhttp_servermac_os_xApache HTTP Server
CWE ID-CWE-287
Improper Authentication
CVE-2021-30668
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:25
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-287
Improper Authentication
CVE-2024-23255
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 34.92%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-13 Feb, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosiOS and iPadOSmacOSiosipadosmacos
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2021-30770
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.53%
||
7 Day CHG-0.01%
Published-08 Sep, 2021 | 13:46
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvostvOSwatchOSiOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-32935
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 31.91%
||
7 Day CHG+0.01%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosipadosiphone_osmacOS
CWE ID-CWE-287
Improper Authentication
CVE-2014-0643
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-1.21% / 78.13%
||
7 Day CHG~0.00%
Published-16 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-rsa_netwitnessrsa_security_analyticsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3586
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-7.19% / 91.22%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.

Action-Not Available
Vendor-n/aSamsung
Product-dvrsmart_viewern/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-2562
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-1.02% / 76.28%
||
7 Day CHG~0.00%
Published-22 May, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.

Action-Not Available
Vendor-xelexn/aGoogle LLC
Product-mobiletrackandroidn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-287
Improper Authentication
CVE-2018-0886
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-91.37% / 99.65%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found