Main Vulnerability Database Vulnerabilities #VU43493

Information disclosure in macOS and macOS Server - CVE-2012-3718

Published: September 21, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43493

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2012-3718

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS
macOS Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

How to mitigate CVE-2012-3718

Install update from vendor's website.

Sources

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://osvdb.org/85647
http://support.apple.com/kb/HT5501

Information disclosure in macOS and macOS Server - CVE-2012-3718

Detailed vulnerability description

How to mitigate CVE-2012-3718

Sources

Please verify you're human