safari's saved password at risk

2007.05.12

Credit: poplix

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2007-2580

CWE: CWE-Other

CVSS Base Score: 1.9/10

Impact Subscore: 2.9/10

Exploitability Subscore: 3.4/10

Exploit range: Local

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved password from the keychain.

cheers,
-poplix
http://px.dynalias.org

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

safari's saved password at risk

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

safari's saved password at risk

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.