CVE-2010-1820

Published: Sep 21, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

Affected (10)

Products: Apple: Mac Os X, Mac Os X Server

2 products

Mac Os X Server

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.6.0
Apple Mac Os X	Version 10.6.1
Apple Mac Os X	Version 10.6.2
Apple Mac Os X	Version 10.6.3
Apple Mac Os X	Version 10.6.4
Apple Mac Os X Server	Version 10.6.0
Apple Mac Os X Server	Version 10.6.1
Apple Mac Os X Server	Version 10.6.2
Apple Mac Os X Server	Version 10.6.3
Apple Mac Os X Server	Version 10.6.4

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://lists.apple.com/archives/security-announce/2010/Sep/msg00004.html

Source: product-security@apple.com

PatchVendor Advisory

http://support.apple.com/kb/HT4361

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/43341

Source: product-security@apple.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12109

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010/Sep/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://support.apple.com/kb/HT4361

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/43341

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12109

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.