Cryptographic Vulnerability in Apple Remote Desktop Authentication Protocol
CVE-2017-2488

7.5HIGH

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 23 December 2021

What is CVE-2017-2488?

A vulnerability in the authentication protocol of Apple Remote Desktop exposes users to potential attacks, allowing malicious actors to capture cleartext passwords. This cryptographic weakness compromises the security of user sessions, making it imperative for users to upgrade to Apple Remote Desktop 3.9 or later, where the issue has been remedied by the implementation of the Secure Remote Password authentication protocol.

Affected Version(s)

Apple Remote Desktop < 3.9

References

https://support.apple.com/en-us/HT207622

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2021
Vulnerability Reserved
Dec 1, 2016