Main Vulnerability Database Vulnerabilities #VU42433

Cryptographic issues in macOS - CVE-2013-5185

Published: October 24, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42433

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-5185

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

How to mitigate CVE-2013-5185

Install update from vendor's website.

Sources

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

Cryptographic issues in macOS - CVE-2013-5185

Detailed vulnerability description

How to mitigate CVE-2013-5185

Sources

Please verify you're human