Info

Disclosure

Oct 28, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may lead to an unauthorized password exposure. The issue is due to the way the Keychain Access utility handles automatic password display timeouts. When a keychain automatically locks due to a timeout while viewing a stored password, the password will remain visible afterwords. It is possible to gain access to plaintext passwords when viewing a keychain resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 10.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.	Mac OS X	10.4.2
Apple Computer, Inc.	Mac OS X Server	10.4.2

References

Security Tracker: 1015126
Secunia Advisory ID: 17368
CVE ID: 2005-2739 (see also: NVD)
Related OSVDB ID: 20427 20428 20429 20431
Keyword: APPLE-SA-2005-10-31
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0386.html
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=302763
Vendor URL: http://www.apple.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/20430

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

Mac OS X Server

References

Credit