ID

VAR-201011-0151


CVE

CVE-2010-3783


TITLE

Apple Mac OS X Password Server vulnerability that allows password authentication to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2010-002427

DESCRIPTION

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. An attacker can exploit this issue to gain unauthorized access to the affected computer.

The following are affected:
Mac OS X 10.6 through 10.6.4
Mac OS X Server 10.6 through 10.6.4

NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it.

Trust: 1.98

sources: NVD: CVE-2010-3783 // JVNDB: JVNDB-2010-002427 // BID: 44833 // VULHUB: VHN-46388

AFFECTED PRODUCTS

vendor: apple, model: mac os x server, scope: eq, version: 10.6.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.8

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.0

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6 to v10.6.4

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.6.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.6.5

Trust: 0.3

sources: BID: 44833 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3783
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3783
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3783
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46388
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46388 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-46388 // JVNDB: JVNDB-2010-002427 // NVD: CVE-2010-3783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-169

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201011-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002427

PATCH

title: HT4435, url: http://support.apple.com/kb/HT4435

Trust: 0.8

title: HT4435, url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title: MacOSXUpdCombo10.6.5, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35034

Trust: 0.6

title: MacOSXUpd10.6.5, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35033

Trust: 0.6

sources: JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169

EXTERNAL IDS

db: NVD, id: CVE-2010-3783

Trust: 2.8

db: SECTRACK, id: 1024723

Trust: 1.1

db: JVNDB, id: JVNDB-2010-002427

Trust: 0.8

db: CNNVD, id: CNNVD-201011-169

Trust: 0.7

db: APPLE, id: APPLE-SA-2010-11-10-1

Trust: 0.6

db: BID, id: 44833

Trust: 0.4

db: VULHUB, id: VHN-46388

Trust: 0.1

sources: VULHUB: VHN-46388 // BID: 44833 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

REFERENCES

url: http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.7

url: http://support.apple.com/kb/ht4435

Trust: 1.7

url: http://www.securitytracker.com/id?1024723

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3783

Trust: 0.8

url: http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3783

Trust: 0.8

url: http://www.apple.com/macosx/

Trust: 0.3

url: http://www.securityfocus.com/advisories/20899

Trust: 0.3

sources: VULHUB: VHN-46388 // BID: 44833 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

CREDITS

Apple

Trust: 0.3

sources: BID: 44833

SOURCES

db: VULHUB, id: VHN-46388
db: BID, id: 44833
db: JVNDB, id: JVNDB-2010-002427
db: CNNVD, id: CNNVD-201011-169
db: NVD, id: CVE-2010-3783

LAST UPDATE DATE

2025-04-11T19:40:08.964000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-46388, date: 2010-12-10T00:00:00
db: BID, id: 44833, date: 2010-11-10T00:00:00
db: JVNDB, id: JVNDB-2010-002427, date: 2010-12-01T00:00:00
db: CNNVD, id: CNNVD-201011-169, date: 2010-11-18T00:00:00
db: NVD, id: CVE-2010-3783, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-46388, date: 2010-11-16T00:00:00
db: BID, id: 44833, date: 2010-11-10T00:00:00
db: JVNDB, id: JVNDB-2010-002427, date: 2010-12-01T00:00:00
db: CNNVD, id: CNNVD-201011-169, date: 2010-11-18T00:00:00
db: NVD, id: CVE-2010-3783, date: 2010-11-16T22:00:15.930