CVE-2016-4745

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
25/09/2016
Last modified:
12/04/2025

Description

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 10.11.6 (including)