Unencrypted Password-Change Requests in Open Directory Client in Apple OS X

Unencrypted Password-Change Requests in Open Directory Client in Apple OS X

CVE-2015-1147 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.

Learn more about our Network Penetration Testing.