Sign-up

ID

VAR-201011-0151


CVE

CVE-2010-3783


TITLE

Apple Mac OS X Vulnerability that can bypass password authentication in a password server

Trust: 0.8

sources: JVNDB: JVNDB-2010-002427

DESCRIPTION

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. An attacker can exploit this issue to gain unauthorized access to the affected computer. The following are affected: Mac OS X 10.6 through 10.6.4 Mac OS X Server 10.6 through 10.6.4 NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it

Trust: 1.98

sources: NVD: CVE-2010-3783 // JVNDB: JVNDB-2010-002427 // BID: 44833 // VULHUB: VHN-46388

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: BID: 44833 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3783
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3783
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3783
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46388
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46388 // JVNDB: JVNDB-2010-002427 // CNNVD: CNNVD-201011-169 // NVD: CVE-2010-3783

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-46388 // JVNDB: JVNDB-2010-002427 // NVD: CVE-2010-3783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-169

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201011-169

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002427

PATCH
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
title:MacOSXUpdCombo10.6.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35034
Trust: 0.6
title:MacOSXUpd10.6.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35033
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-002427 // 
            
            
            
            CNNVD: CNNVD-201011-169

EXTERNAL IDS
db:NVDid:CVE-2010-3783
Trust: 2.8
db:SECTRACKid:1024723
Trust: 1.1
db:JVNDBid:JVNDB-2010-002427
Trust: 0.8
db:CNNVDid:CNNVD-201011-169
Trust: 0.7
db:APPLEid:APPLE-SA-2010-11-10-1
Trust: 0.6
db:BIDid:44833
Trust: 0.4
db:VULHUBid:VHN-46388
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46388 // 
            
            
            
            BID: 44833 // 
            
            
            
            JVNDB: JVNDB-2010-002427 // 
            
            
            
            CNNVD: CNNVD-201011-169 // 
            
            
            
            NVD: CVE-2010-3783

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht4435
Trust: 1.7
url:http://www.securitytracker.com/id?1024723
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3783
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3783
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.securityfocus.com/advisories/20899
Trust: 0.3
sources:
            
            
            VULHUB: VHN-46388 // 
            
            
            
            BID: 44833 // 
            
            
            
            JVNDB: JVNDB-2010-002427 // 
            
            
            
            CNNVD: CNNVD-201011-169 // 
            
            
            
            NVD: CVE-2010-3783

CREDITS
Apple
Trust: 0.3
sources:
            
            
            BID: 44833

SOURCES
db:VULHUBid:VHN-46388
db:BIDid:44833
db:JVNDBid:JVNDB-2010-002427
db:CNNVDid:CNNVD-201011-169
db:NVDid:CVE-2010-3783

LAST UPDATE DATE
2025-04-11T19:40:08.964000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-46388date:2010-12-10T00:00:00
db:BIDid:44833date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002427date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-169date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3783date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-46388date:2010-11-16T00:00:00
db:BIDid:44833date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002427date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-169date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3783date:2010-11-16T22:00:15.930