Logic Error in Credential Validation in macOS High Sierra and El Capitan
CVE-2017-13889

9.8CRITICAL

Key Information:

Vendor: Apple
Status: Mac Os X
Vendor: CVE Published:; 11 January 2019

What is CVE-2017-13889?

In certain versions of macOS High Sierra and El Capitan, a logic error was found during the validation process of user credentials. This vulnerability could potentially allow unauthorized access due to insufficient checks on user input. The issue has been addressed through improved methods for credential validation in subsequent updates.

References

https://support.apple.com/HT208465

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2019
Vulnerability Reserved
Aug 30, 2017

Apple

What is CVE-2017-13889?

References

CVSS V3.1

Timeline