Improper Server Authentication Handling in Apple Remote Desktop
CVE-2013-5136

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 24 October 2013

What is CVE-2013-5136?

Apple Remote Desktop versions before 3.7 are susceptible to a vulnerability that improperly handles server authentication-type information. This flaw can lead to situations where an unencrypted connection warning is not shown, enabling remote attackers to potentially intercept sensitive information during cleartext VNC sessions. By sniffing network traffic under opportunistic conditions, attackers can exploit this vulnerability to access critical data, emphasizing the need for secure connection practices.

References

http://lists.apple.com/archives/security-announce/2013/Oc...

vendor-advisoryx_refsource_APPLE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013