CVE-2012-0652

Published May 11, 2012

Last updated 7 years ago

Overview

Description: Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
Source: product-security@apple.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A82DEF28-B061-44B3-AF9B-BE529DB457D9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References