The OpenLDAP server in Mac OS X Lion contains a vulnerability that permits certain clients to log in using invalid usernames and invalid passwords.
Mac OS X Lion v10.7.1 and earlier
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- Retina 15395 - Apple Mac OS X Security Update 2011-006 and OS X 10.7.2 Update
No reasonable mitigation exists.
- Original Disclosure
- Invalid Password Verification
- Invalid Username Verification
- Apple Security Update 2011-006