Bypassing Password Protection in MacOS 9 through Idle Locking Vulnerability

Bypassing Password Protection in MacOS 9 through Idle Locking Vulnerability

CVE-1999-1076 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.

Learn more about our Cis Benchmark Audit For Apple Macos.