7.8

CVE-2017-7149

Medienbericht
Exploit
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.386
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/101178
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039513
Third Party Advisory
VDB Entry
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
Third Party Advisory
Exploit
https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/
Third Party Advisory
Exploit
Technical Description
https://support.apple.com/HT208165
Vendor Advisory
https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
Third Party Advisory
Exploit
Press/Media Coverage