Lucene search
AppleCVELIST:CVE-2017-7149HistoryOct 23, 2017 - 1:00 a.m.
CVE-2017-7149
2017-10-2301:00:00
apple
www.cve.org
3
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the “StorageKit” component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.
References
www.securityfocus.com/bid/101178
www.securitytracker.com/id/1039513
hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/
support.apple.com/HT208165
www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
Related
threatpost
threatpost
Critical Apple Login Bug Puts macOS High Sierra Systems at Risk
2017-11-28 20:47:00
Emergency Apple Patch Fixes High Sierra Password Hint Leak
2017-10-06 05:42:06
Apple Announces Emergency Patch to Fix High Sierra Login Bug
2017-11-29 13:17:13
nvd
nvd
CVE-2017-7149
2017-10-23 01:29:14
cve
cve
CVE-2017-7149
2017-10-23 01:29:14
prion
prion
Code injection
2017-10-23 01:29:00
openvas
openvas
Apple Mac OS X Multiple Information Disclosure Vulnerabilities (HT208165)
2017-10-09 00:00:00
apple
apple
nessus
nessus
macOS < 10.13 Multiple Vulnerabilities
2017-10-03 00:00:00