CVE-2006-1446 - Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain

CVE-2006-1446

Summary

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

apple	APPLE-SA-2006-05-11
bid	17951
cert	TA06-132A
osvdb	25590
sectrack	1016072
secunia	20077
vupen	ADV-2006-1779
xf	macos-keychain-security-bypass(26413)

Last major update

20-07-2017 - 01:30

Published

12-05-2006 - 21:02

Last modified

20-07-2017 - 01:30