CVE-2008-1005

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-1005
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28326
http://www.securitytracker.com/id?1019656
http://www.us-cert.gov/cas/techalerts/TA08-079A.html US Government Resource
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41329
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28326
http://www.securitytracker.com/id?1019656
http://www.us-cert.gov/cas/techalerts/TA08-079A.html US Government Resource
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41329
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
History

21 Nov 2024, 00:43

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=307563 - () http://docs.info.apple.com/article.html?artnum=307563 -
References () http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html - () http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html -
References () http://secunia.com/advisories/29393 - () http://secunia.com/advisories/29393 -
References () http://www.securityfocus.com/bid/28290 - () http://www.securityfocus.com/bid/28290 -
References () http://www.securityfocus.com/bid/28326 - () http://www.securityfocus.com/bid/28326 -
References () http://www.securitytracker.com/id?1019656 - () http://www.securitytracker.com/id?1019656 -
References () http://www.us-cert.gov/cas/techalerts/TA08-079A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA08-079A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2008/0920/references - () http://www.vupen.com/english/advisories/2008/0920/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41329 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41329 -
Information

Published : 2008-03-19 00:44

Updated : 2025-04-09 00:30

NVD link : CVE-2008-1005

Mitre link : CVE-2008-1005

CVE.ORG link : CVE-2008-1005

JSON object : View

Products Affected

apple

  • safari
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor