Apple Remote Desktop prior to 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote malicious users to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple apple remote desktop 3.3.2 |
||
apple apple remote desktop 3.4 |
||
apple apple remote desktop 3.5 |
||
apple apple remote desktop 3.5.1 |
||
apple apple remote desktop 3.0.0 |
||
apple apple remote desktop 3.1 |
||
apple apple remote desktop 3.2 |
||
apple apple remote desktop 3.5.4 |
||
apple apple remote desktop 3.2.2 |
||
apple apple remote desktop 3.3.1 |
||
apple apple remote desktop 3.5.2 |
||
apple apple remote desktop 3.6 |
||
apple apple remote desktop |
||
apple apple remote desktop 3.2.1 |
||
apple apple remote desktop 3.3 |
||
apple apple remote desktop 3.5.3 |
||
apple apple remote desktop 3.6.1 |