Local User Information Disclosure in Apple OS X Server Profile Manager
CVE-2014-4447

Currently unrated

Key Information:

Vendor: Apple
Status: Os X Server
Vendor: CVE Published:; 18 October 2014

Summary

The Profile Manager in Apple OS X Server prior to version 4.0 contains a security flaw that allows local users to access cleartext passwords. This vulnerability is triggered during profile setup or profile editing, enabling unauthorized users to read sensitive information stored in a specific file. Due to this weakness, the privacy of system credentials may be compromised, making it essential for users to evaluate their security measures.

References

http://www.securitytracker.com/id/1031071

vdb-entryx_refsource_SECTRACK

http://archives.neohapsis.com/archives/bugtraq/2014-10/01...

vendor-advisoryx_refsource_APPLE

https://support.apple.com/kb/HT6536

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 18, 2014
Vulnerability Reserved
Jun 20, 2014