Information Disclosure Vulnerability in Apple Xsan Admin Application
CVE-2009-2201
Currently unrated
What is CVE-2009-2201?
The screensharing feature in the Admin application of Apple Xsan versions prior to 2.2 embeds usernames and passwords in cleartext URLs that it displays in error dialogs. An attacker with physical access can read these dialogs and capture user credentials, which poses a serious security risk. To mitigate this issue, upgrade to the latest version or restrict physical access to the system.
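One way to avoid this class of leak is to strip the userinfo part of every URL before the text reaches an error dialog or log. This is an added example, not code from Apple or the Xsan Admin application; the `vnc://` scheme, host names, credentials and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Any scheme://... run, up to whitespace or a quote/angle bracket.
_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://[^\s\"'<>]+")


def _strip_userinfo(url: str) -> str:
    """Return url without its user:password@ part."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Unparseable authority: show nothing rather than risk a leak.
        return "[redacted URL]"
    if "@" in parts.netloc:
        # rpartition keeps host:port and copes with a raw '@' in the password.
        host = parts.netloc.rpartition("@")[2]
        return urlunsplit(
            (parts.scheme, host, parts.path, parts.query, parts.fragment)
        )
    if "@" in url:
        # '@' outside the authority, e.g. a raw '/' in the password ended
        # the authority early. Fail closed: keep only the scheme.
        return f"{parts.scheme}://[redacted]"
    return url


def redact_url_credentials(message: str) -> str:
    """Remove credentials from every URL in text bound for a dialog or log."""
    return _URL_RE.sub(lambda m: _strip_userinfo(m.group(0)), message)


if __name__ == "__main__":
    # Constructed sample message; host, user and password are made up.
    raw = ("Could not connect to "
           "vnc://admin:s3cret@meta1.example.com:5900/ (timed out)")
    print(redact_url_credentials(raw))
```

The fail-closed branch also redacts URLs that legitimately carry an `@` in the path; for text shown on screen, over-redaction is the safer error.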