CVE-2006-4399 - OpenCVE

User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016958
http://www.kb.cert.org/vuls/id/847468
http://www.osvdb.org/29276
http://www.securityfocus.com/bid/20271
http://www.us-cert.gov/cas/techalerts/TA06-275A.html
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29302

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-02T22:00:00

Updated: 2024-08-07T19:06:07.634Z

Reserved: 2006-08-28T00:00:00

Link: CVE-2006-4399

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-03T04:02:00.000

Modified: 2017-07-20T01:33:04.850

Link: CVE-2006-4399

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#847468", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/847468"}, {"name": "29276", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29276"}, {"name": "20271", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20271"}, {"name": "macos-workgroup-weak-security(29302)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29302"}, {"name": "22187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22187"}, {"name": "ADV-2006-3852", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3852"}, {"name": "APPLE-SA-2006-09-29", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"}, {"name": "1016958", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016958"}, {"name": "TA06-275A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#847468", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/847468"}, {"name": "29276", "refsource": "OSVDB", "url": "http://www.osvdb.org/29276"}, {"name": "20271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20271"}, {"name": "macos-workgroup-weak-security(29302)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29302"}, {"name": "22187", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22187"}, {"name": "ADV-2006-3852", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3852"}, {"name": "APPLE-SA-2006-09-29", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"}, {"name": "1016958", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016958"}, {"name": "TA06-275A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.634Z"}, "title": "CVE Program Container", "references": [{"name": "VU#847468", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/847468"}, {"name": "29276", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29276"}, {"name": "20271", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20271"}, {"name": "macos-workgroup-weak-security(29302)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29302"}, {"name": "22187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22187"}, {"name": "ADV-2006-3852", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3852"}, {"name": "APPLE-SA-2006-09-29", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"}, {"name": "1016958", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016958"}, {"name": "TA06-275A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4399", "datePublished": "2006-10-02T22:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2024-08-07T19:06:07.634Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended."}, {"lang": "es", "value": "Inconsistencia de interfaz de usuario en el Administrador de Grupos de Trabajo (Workgroup Manager) en Apple Mac OS X 10.4 hasta 10.4.7 aparece para permitir a los administradores cambiar el tipo de autenticaci\u00f3n de contrase\u00f1as crypt a ShadowHash para cuentas en un servidor NetInfo padre, cuando dicha operaci\u00f3n no est\u00e1 realmente soportada, lo cual podr\u00eda resultar en una gesti\u00f3n de contrase\u00f1as menos segura de lo que se pretend\u00eda."}], "id": "CVE-2006-4399", "lastModified": "2017-07-20T01:33:04.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-03T04:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22187"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1016958"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/847468"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29276"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/20271"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3852"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29302"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}