Sign-up

ID

VAR-201003-0215


CVE

CVE-2010-0510


TITLE

Apple Mac OS X Password server access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001266

DESCRIPTION

Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. Remote attackers can exploit this issue to gain unauthorized access to the affected computer by using outdated passwords. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. It may not have copied the password when processing replication, and a remote attacker could use an expired password to log into the system

Trust: 1.98

sources: NVD: CVE-2010-0510 // JVNDB: JVNDB-2010-001266 // BID: 39273 // VULHUB: VHN-43115

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.5.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:lteversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.3

Trust: 0.3

sources: BID: 39273 // JVNDB: JVNDB-2010-001266 // CNNVD: CNNVD-201003-472 // NVD: CVE-2010-0510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0510
value: HIGH

Trust: 1.0

NVD: CVE-2010-0510
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201003-472
value: CRITICAL

Trust: 0.6

VULHUB: VHN-43115
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-0510
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43115
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43115 // JVNDB: JVNDB-2010-001266 // CNNVD: CNNVD-201003-472 // NVD: CVE-2010-0510

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-43115 // JVNDB: JVNDB-2010-001266 // NVD: CVE-2010-0510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-472

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201003-472

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001266

PATCH
title:HT4077url:http://support.apple.com/kb/HT4077
Trust: 0.8
title:HT4077url:http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001266

EXTERNAL IDS
db:NVDid:CVE-2010-0510
Trust: 2.8
db:JVNDBid:JVNDB-2010-001266
Trust: 0.8
db:CNNVDid:CNNVD-201003-472
Trust: 0.7
db:NSFOCUSid:14715
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-29-1
Trust: 0.6
db:BIDid:39273
Trust: 0.4
db:VULHUBid:VHN-43115
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43115 // 
            
            
            
            BID: 39273 // 
            
            
            
            JVNDB: JVNDB-2010-001266 // 
            
            
            
            CNNVD: CNNVD-201003-472 // 
            
            
            
            NVD: CVE-2010-0510

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html
Trust: 1.7
url:http://support.apple.com/kb/ht4077
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0510
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0510
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14715
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-43115 // 
            
            
            
            BID: 39273 // 
            
            
            
            JVNDB: JVNDB-2010-001266 // 
            
            
            
            CNNVD: CNNVD-201003-472 // 
            
            
            
            NVD: CVE-2010-0510

CREDITS
Michael KisorDamian Put <pucik@cc-team.org>
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201003-472

SOURCES
db:VULHUBid:VHN-43115
db:BIDid:39273
db:JVNDBid:JVNDB-2010-001266
db:CNNVDid:CNNVD-201003-472
db:NVDid:CVE-2010-0510

LAST UPDATE DATE
2025-04-11T21:23:36.815000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43115date:2010-03-31T00:00:00
db:BIDid:39273date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001266date:2010-04-15T00:00:00
db:CNNVDid:CNNVD-201003-472date:2010-03-31T00:00:00
db:NVDid:CVE-2010-0510date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43115date:2010-03-30T00:00:00
db:BIDid:39273date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001266date:2010-04-15T00:00:00
db:CNNVDid:CNNVD-201003-472date:2010-03-30T00:00:00
db:NVDid:CVE-2010-0510date:2010-03-30T18:30:00.877