About the security content of Xsan 2.2

This document describes the security content of Xsan 2.2.

Dieser Artikel wurde archiviert und wird von Apple nicht mehr aktualisiert.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Xsan 2.2

  • Xsan

    CVE-ID: CVE-2009-2201

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 or later, Mac OS X Server v10.6 or later

    Impact: When screen sharing via the Xsan Admin application, another person viewing the display may see the user's name and password

    Description: Screensharing via the Xsan Admin application could present an error dialog containing the user's name and password. A person who can view the user's display could see the user's credentials in cleartext. The issue is addressed by not embedding credentials in the connection URL. This issue affects only Xsan Admin, and not Xsan Filesystem. Credit to Ben Greisler of Kadimac Corp Macintosh Integrators for reporting this issue.

Zuletzt geändert:

Zusätzliche Supportinformationen zum Produkt

Diskussion beginnen

in den Apple Support Communities
Alle Fragen zu diesem Artikel anzeigen Alle von mir gestellten Fragen anzeigen
Deutschland (Deutsch)