Captive Network Assistant UI Error Allows Password Sniffing
CVE-2017-7143 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.
Learn more about our Cis Benchmark Audit For Apple Macos.