Logic Error in Credential Validation in macOS High Sierra and El Capitan
CVE-2017-13889

9.8CRITICAL

Key Information:

Vendor: Apple
Status: Mac Os X
Vendor: CVE Published:; 11 January 2019

Summary

In certain versions of macOS High Sierra and El Capitan, a logic error was found during the validation process of user credentials. This vulnerability could potentially allow unauthorized access due to insufficient checks on user input. The issue has been addressed through improved methods for credential validation in subsequent updates.

References

https://support.apple.com/HT208465

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2019
Vulnerability Reserved
Aug 30, 2017