Improper Server Authentication Handling in Apple Remote Desktop
CVE-2013-5136
Currently unrated
Summary
Apple Remote Desktop versions before 3.7 improperly handle server authentication-type information. As a result, the unencrypted-connection warning may not be shown, and a remote attacker who can sniff network traffic under opportunistic conditions can intercept sensitive information from a cleartext VNC session. The issue underlines the need for secure connection practices.
References
Timeline
Vulnerability Reserved
Vulnerability published