← Back

CVE-2017-7149

nvd nist
Published: Oct 23, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.

Affected (1)

Products: Apple: Mac Os X
Apple
1 product
Mac Os X
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Up to 10.13

References (12)

Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
ExploitThird Party Advisory
Source: product-security@apple.com
ExploitTechnical DescriptionThird Party Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
ExploitPress/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPress/Media CoverageThird Party Advisory

Timeline

No history available yet.