PT-2008-4986 · Apple · Mac OS X

Published: 2008-09-16 · Updated: 2017-08-08 · CVE-2008-3610

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apple Mac OS X versions 10.5 through 10.5.4

Description

A race condition exists in the Login Window of Apple Mac OS X. When a blank-password account is enabled, attackers can bypass password authentication. This is achieved by making multiple attempts to log in to the blank-password account, followed by selecting an arbitrary account from the user list.

Recommendations

For Apple Mac OS X versions 10.5 through 10.5.4, consider disabling blank-password accounts as a temporary workaround to minimize the risk of exploitation. Restrict access to the Login Window to prevent unauthorized login attempts.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2008-3610

Affected Products

Mac OS X