PT-2012-2760 · Apple · Macos X

Jaakko Pero

Published

2012-05-11

Updated

2017-12-05

CVE-2012-0652

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple Mac OS X version 10.7.3

Description The issue concerns the Login Window in Apple Mac OS X. When Legacy File Vault or networked home directories are enabled, it does not properly restrict what is written to the system log for network logins. This allows local users to obtain sensitive information by reading the log.

Recommendations For Apple Mac OS X version 10.7.3, consider disabling Legacy File Vault or networked home directories as a temporary workaround to minimize the risk of exploitation. Restrict access to the system log to prevent local users from obtaining sensitive information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-0652

Affected Products

Macos X

PT-2012-2760 · Apple · Macos X

CVE-2012-0652

Weakness Enumeration

Related Identifiers

Affected Products

References · 8