Captive Network Assistant UI Error Allows Password Sniffing

Captive Network Assistant UI Error Allows Password Sniffing

CVE-2017-7143 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.

Learn more about our Cis Benchmark Audit For Apple Macos.