The Kerberos 5 (aka krb5) PAM module in Apple OS X prior to 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote malicious users to enumerate user accounts via a timing side-channel attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |