CVE-2008-3611

Name of the Vulnerable Software and Affected Versions Mac OS X version 10.4.11

Description The issue arises when a user attempts to change their password, but the change is denied due to policy restrictions. In such cases, the current password is not cleared from the login window, allowing an attacker with physical access to the system to potentially bypass authentication. This could be exploited by an attacker entering a new, acceptable password on the same login screen, effectively changing the user's password without knowing the original password.

Recommendations For Mac OS X version 10.4.11, consider implementing a workaround to clear the password field after a failed password change attempt to prevent potential exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.