CVE-2008-3611

CVSS 6.3 - MEDIUM
Description

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

Affected Products
2
Vendor Product Version
apple mac_os_x 10.4.11
apple mac_os_x_server 10.4.11
References
http://lists.apple.com/archives/security-announce/...
http://secunia.com/advisories/31882
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
http://www.us-cert.gov/cas/techalerts/TA08-260A.ht...
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://lists.apple.com/archives/security-announce/...
http://secunia.com/advisories/31882
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
http://www.us-cert.gov/cas/techalerts/TA08-260A.ht...
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-287
CVE Information
CVE ID:
CVE-2008-3611
Published:
2008-09-16
Modified:
2026-04-23
CVSS Score:
6.3
Severity:
MEDIUM
Vector:
AV:L/AC:M/Au:N/C:N/I:C/A:C
Affected Vendors
apple
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL