PT-2021-8578 · Apple · Remote Desktop
Published
2021-12-23
·
Updated
2022-01-07
·
CVE-2017-2488
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Remote Desktop versions prior to 3.9
Description
A cryptographic weakness existed in the authentication protocol of Remote Desktop, allowing an attacker to potentially capture cleartext passwords. This issue was addressed by implementing the Secure Remote Password authentication protocol.
Recommendations
For Apple Remote Desktop versions prior to 3.9, update to Apple Remote Desktop 3.9 to resolve the issue. As a temporary workaround, consider restricting access to Remote Desktop until the update is applied.
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Remote Desktop