CVE-1999-1076

Name of the Vulnerable Software and Affected Versions MacOS 9

Description The issue allows local users to bypass password protection of idled sessions. This can be achieved by selecting the "Log Out" option and then choosing a "Cancel" option in the dialog box for an application that attempts to verify the user's intention to log out, which returns the attacker to the locked session.

Recommendations For MacOS 9, as a temporary workaround, consider disabling the idle locking function until a patch is available. Restrict access to the "Log Out" option to minimize the risk of exploitation. Avoid using the "Cancel" option in the dialog box for applications that verify the user's intention to log out until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.