Cocktail 3.5.4 and Earlier in Mac OS X Vulnerability: Cleartext Transmission of Administrative Password

Cocktail 3.5.4 and Earlier in Mac OS X Vulnerability: Cleartext Transmission of Administrative Password

CVE-2005-1387 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.

Learn more about our User Device Pen Test.