Vulnerability Note VU#847468

Apple Workgroup Manager fails to properly enable ShadowHash passwords

Original Release date: 02 Oct 2006 | Last revised: 21 Nov 2006

Overview

Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used.

Description

Workgroup Manager is a system adimistration tool in Apple Mac OS X Server that manages users, groups, and computers across a network. According to Apple Security Update 2006-006:

    Workgroup Manager appears to allow switching authentication type from crypt to ShadowHash passwords in a NetInfo parent, when in actuality it does not.

This issue can be easily detected by refreshing the view of an account in a NetInfo parent.

Impact

Workgroup Manager may appear to use ShadowHash passwords when crypt is used.

Solution

Upgrade
Apple has addressed this issue in Apple Security Update 2006-006.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected-02 Oct 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This issue was reported in Apple Security Update 2006-006. Apple credits Chris Pepper of The Rockefeller University for reporting this issue.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2006-4399
  • Date Public: 29 Sep 2006
  • Date First Published: 02 Oct 2006
  • Date Last Updated: 21 Nov 2006
  • Document Revision: 10

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.