CVE-2013-5136

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 24 October 2013

Summary

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

References

http://lists.apple.com/archives/security-announce/2013/Oc...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013