Apple · Xsan · CVE-2009-2201
**Name of the Vulnerable Software and Affected Versions**
Apple Xsan versions prior to 2.2
**Description**
The issue concerns the screensharing feature in the Admin application, where a cleartext username and password are placed in a URL within an error dialog. This allows physically proximate attackers to obtain credentials by reading the dialog.
**Recommendations**
For Apple Xsan versions prior to 2.2, update to version 2.2 or later to resolve the issue.