ID

VAR-200212-0801


CVE

CVE-2002-2326


TITLE

Apple MacOS iDisk Mail.APP Default configuration password leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-461

DESCRIPTION

The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

The iDisk service password is also used by the Mac.com service. Users of both services can use Mail.app to retrieve mail from Mac.com. Authentication credentials for the iDisk service are sent using HTTPS over WebDAV, which ensures that the communications between client and server are encrypted. However, Mail.app does not appear to use the same security measure by default when communicating with Mac.com. While Mail.app can be configured to communicate with mail servers using SSL, this option does not appear to be enabled in the default Mail.app configuration. STARTTLS is supported on the server side by Mac.com. An attacker may potentially take advantage of this exposure to gain unauthorized access to both Mac.com and iDisk, since the credentials are shared between the two services.

Trust: 1.26

sources: NVD: CVE-2002-2326 // BID: 5303 // VULHUB: VHN-6709

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.0.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.5

Trust: 1.0

vendor: apple, model: mac os, scope: eq, version: x10.1.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1

Trust: 0.3

sources: BID: 5303 // CNNVD: CNNVD-200212-461 // NVD: CVE-2002-2326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2326
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-461
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-2326
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6709 // CNNVD: CNNVD-200212-461 // NVD: CVE-2002-2326

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

sources: VULHUB: VHN-6709 // NVD: CVE-2002-2326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-461

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200212-461

EXTERNAL IDS

db: BID, id: 5303

Trust: 2.0

db: NVD, id: CVE-2002-2326

Trust: 1.7

db: CNNVD, id: CNNVD-200212-461

Trust: 0.7

db: XF, id: 9670

Trust: 0.6

db: BUGTRAQ, id: 20020724 APPLE OSX AND IDISK AND MAIL.APP

Trust: 0.6

db: BUGTRAQ, id: 20020724 RE: APPLE OSX AND IDISK AND MAIL.APP

Trust: 0.6

db: VULHUB, id: VHN-6709

Trust: 0.1

sources: VULHUB: VHN-6709 // BID: 5303 // CNNVD: CNNVD-200212-461 // NVD: CVE-2002-2326

REFERENCES

url:http://www.securityfocus.com/bid/5303

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-07/0276.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-07/0281.html

Trust: 1.7

url:http://www.iss.net/security_center/static/9670.php

Trust: 1.7

sources: VULHUB: VHN-6709 // CNNVD: CNNVD-200212-461 // NVD: CVE-2002-2326

CREDITS

Discovery of this issue is credited to Randal L. Schwartz <merlyn@stonehenge.com>.

Trust: 0.9

sources: BID: 5303 // CNNVD: CNNVD-200212-461

SOURCES

db: VULHUB, id: VHN-6709
db: BID, id: 5303
db: CNNVD, id: CNNVD-200212-461
db: NVD, id: CVE-2002-2326

LAST UPDATE DATE

2025-04-03T22:39:08.299000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-6709, date: 2008-09-05T00:00:00
db: BID, id: 5303, date: 2002-07-24T00:00:00
db: CNNVD, id: CNNVD-200212-461, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2326, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-6709, date: 2002-12-31T00:00:00
db: BID, id: 5303, date: 2002-07-24T00:00:00
db: CNNVD, id: CNNVD-200212-461, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2326, date: 2002-12-31T05:00:00