CVE-2016-4745

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.12

Description The issue concerns the Kerberos 5 PAM module, which does not utilize constant-time operations to determine username validity. This oversight allows remote attackers to potentially enumerate user accounts through a timing side-channel attack.

Recommendations For Apple OS X versions prior to 10.12, update to version 10.12 or later to resolve the issue.