Information disclosure in macOS - CVE-2012-0652
Published: May 11, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU44097
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-0652
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
How to mitigate CVE-2012-0652
Install update from vendor's website.
Sources
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://support.apple.com/kb/HT5281
- http://support.apple.com/kb/HT5501
- http://www.securityfocus.com/bid/53445
- http://www.securityfocus.com/bid/53457
- http://www.securitytracker.com/id?1027024