Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
Software | From | Fixed in |
---|---|---|
apple / mac_os_x | 10.5 | 10.5.x |
apple / mac_os_x | 10.5.1 | 10.5.1.x |
apple / mac_os_x | 10.5.2 | 10.5.2.x |
apple / mac_os_x | 10.5.3 | 10.5.3.x |
apple / mac_os_x | 10.5.4 | 10.5.4.x |
apple / mac_os_x_server | 10.5 | 10.5.x |
apple / mac_os_x_server | 10.5.1 | 10.5.1.x |
apple / mac_os_x_server | 10.5.2 | 10.5.2.x |
apple / mac_os_x_server | 10.5.3 | 10.5.3.x |
apple / mac_os_x_server | 10.5.4 | 10.5.4.x |