CVE-2017-7143 - OpenCVE

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100993
http://www.securitytracker.com/id/1039427
https://support.apple.com/HT208144

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2017-10-23T01:00:00

Updated: 2024-08-05T15:56:34.807Z

Reserved: 2017-03-17T00:00:00

Link: CVE-2017-7143

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-23T01:29:13.957

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-7143

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Captive Network Assistant\" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "100993", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100993"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208144"}, {"name": "1039427", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-7143", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Captive Network Assistant\" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100993"}, {"name": "https://support.apple.com/HT208144", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208144"}, {"name": "1039427", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:34.807Z"}, "title": "CVE Program Container", "references": [{"name": "100993", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100993"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208144"}, {"name": "1039427", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039427"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-7143", "datePublished": "2017-10-23T01:00:00", "dateReserved": "2017-03-17T00:00:00", "dateUpdated": "2024-08-05T15:56:34.807Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "28DF1801-0B0E-4238-BEBA-B6530288980B", "versionEndIncluding": "10.12.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Captive Network Assistant\" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness."}, {"lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13. El problema implica el componente \"Captive Network Assistant\". Permite que atacantes remotos descubran contrase\u00f1as en texto claro en circunstancias oportunistas esnifando la red durante el uso de un navegador de portal cautivo, el cual tiene un error de interfaz de usuario que puede conducir a una transmisi\u00f3n en texto claro sin que el usuario sea consciente."}], "id": "CVE-2017-7143", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T01:29:13.957", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100993"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039427"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT208144"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}