Multiple issues have been identified in the Apple Mac OS X Apple Filing Protocol (AFP) client that may allow an attacker to carry out man-in-the-middle attacks and steal confidential information. The first issue arises because the AFP client does not warn the user if an SSH session cannot be established with a server. The client is reported to proceed with an unencrypted session via other means while giving the impression that SSH tunneling is employed, leading to a false sense of security. The AFP client is also reported to be prone to a weakness that may allow an attacker to carry out man-in-the-middle attacks. This issue presents itself because the client does not differentiate between various encrypted authentication mechanisms. Another weakness in the AFP client may also allow an attacker to carry out man-in-the-middle attacks. This issue exists because the client does not verify a server's host key before a secure connection is established.
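A fail-closed way to tunnel AFP over SSH by hand, covering the silent-fallback and host-key issues described above. This is an added example, not Apple's code or part of the original advisory: it aborts when the tunnel cannot be established and refuses unverified host keys. The local port 10548, key-based SSH login, and the SSH_BIN / MOUNT_BIN override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: mount an AFP volume only through a verified SSH tunnel.
# SSH_BIN, MOUNT_BIN and LOCAL_PORT are hypothetical override variables so the
# logic can be exercised offline; the defaults are the real ssh and mount_afp.

# afp_mount_tunneled USER HOST VOLUME MOUNTPOINT
# Returns 0 only if the tunnel came up with a verified host key AND the mount
# through it succeeded. There is no fallback to a direct connection.
afp_mount_tunneled() {
    [ "$#" -eq 4 ] || {
        echo "usage: afp_mount_tunneled user host volume mountpoint" >&2
        return 2
    }
    afp_user=$1 afp_host=$2 afp_volume=$3 afp_mountpoint=$4
    afp_port=${LOCAL_PORT:-10548}   # assumed free local port

    # StrictHostKeyChecking=yes: refuse unknown or changed host keys; the
    #   server key must already be in known_hosts (obtained out of band).
    # ExitOnForwardFailure=yes: exit non-zero if the forward cannot be set up.
    # BatchMode=yes: no interactive prompts (assumes key-based login).
    # -f -N: go to background once the forward is up, run no remote command.
    if ! "${SSH_BIN:-ssh}" -f -N \
            -o StrictHostKeyChecking=yes \
            -o ExitOnForwardFailure=yes \
            -o BatchMode=yes \
            -L "127.0.0.1:${afp_port}:127.0.0.1:548" \
            "${afp_user}@${afp_host}"; then
        echo "SSH tunnel to ${afp_host} failed; refusing to mount" >&2
        return 1
    fi

    # Mount only via the loopback end of the tunnel, never the remote host
    # directly, so AFP traffic cannot leave the machine unencrypted.
    "${MOUNT_BIN:-mount_afp}" -i \
        "afp://${afp_user}@127.0.0.1:${afp_port}/${afp_volume}" \
        "$afp_mountpoint"
}
```

The backgrounded ssh process stays up for the life of the mount and has to be stopped separately after unmounting.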