Search criteria
4 vulnerabilities found for 802.11n by apple
VAR-200306-0002
Vulnerability from variot - Updated: 2023-12-18 13:58The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol.
The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information.
AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed.
If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "802.11n",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "airport base station",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Rauch\u203b jrauch@atstake.com\u203bDave G\u203b daveg@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-7099",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-074",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7099",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol. \n\n\u00a0The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information. \n\n\u00a0AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed. \n\n\u00a0If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "VULHUB",
"id": "VHN-7099"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0270",
"trust": 2.6
},
{
"db": "BID",
"id": "7554",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1006742",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "8773",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2003-1333",
"trust": 0.6
},
{
"db": "XF",
"id": "11980",
"trust": 0.6
},
{
"db": "ATSTAKE",
"id": "A051203-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7099",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"id": "VAR-200306-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
}
],
"trust": 0.48026314999999997
},
"last_update_date": "2023-12-18T13:58:40.115000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7554"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1006742"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/8773"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11980"
},
{
"trust": 0.3,
"url": "http://www.apple.com/airport/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7099"
},
{
"date": "2003-05-12T00:00:00",
"db": "BID",
"id": "7554"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"date": "2003-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7099"
},
{
"date": "2009-07-11T22:06:00",
"db": "BID",
"id": "7554"
},
{
"date": "2017-07-11T01:29:30.277000",
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple AirPort administrator password encryption vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.9
}
}
FKIE_CVE-2003-0270
Vulnerability from fkie_nvd - Published: 2003-06-16 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25611E-5EFC-468F-9D7C-5003CF63ED5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
},
{
"lang": "es",
"value": "La capacidad de administraci\u00f3n de Apple AirPort 802.11 wireless access point devices usa encripci\u00f3n d\u00e9bil (XOR con clave fija) para proteger las credenciales de autentificaci\u00f3n, lo que podr\u00eda permitir que atacantes remotos obtengan acceso administrativo mediante sniffing, cuando esa capacidad est\u00e1 disponible por Ethernet o conexiones no WEP."
}
],
"id": "CVE-2003-0270",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-06-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/8773"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1006742"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/8773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1006742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2003-0270 (GCVE-0-2003-0270)
Vulnerability from cvelistv5 – Published: 2003-05-14 04:00 – Updated: 2024-08-08 01:50
VLAI?
Summary
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0270",
"datePublished": "2003-05-14T04:00:00",
"dateReserved": "2003-05-08T00:00:00",
"dateUpdated": "2024-08-08T01:50:47.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0270 (GCVE-0-2003-0270)
Vulnerability from nvd – Published: 2003-05-14 04:00 – Updated: 2024-08-08 01:50
VLAI?
Summary
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "airport-auth-credentials-disclosure(11980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"name": "8773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8773"
},
{
"name": "1006742",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006742"
},
{
"name": "7554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7554"
},
{
"name": "A051203-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0270",
"datePublished": "2003-05-14T04:00:00",
"dateReserved": "2003-05-08T00:00:00",
"dateUpdated": "2024-08-08T01:50:47.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}