{"vuid":"VU#847468","idnumber":"847468","name":"Apple Workgroup Manager fails to properly enable ShadowHash passwords","keywords":["Apple","Workgroup Manager","ShadowHash passwords","NetInfo parent","apple-2006-006"],"overview":"Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used.","clean_desc":"Workgroup Manager is a system adimistration tool in Apple Mac OS X Server that manages users, groups, and computers across a network. According to   Apple Security Update 2006-006: Workgroup Manager appears to allow switching authentication type from crypt to ShadowHash passwords in a NetInfo parent, when in actuality it does not. This issue can be easily detected by refreshing the view of an account in a NetInfo parent.","impact":"Workgroup Manager may appear to use ShadowHash passwords when crypt is used.","resolution":"Upgrade\nApple has addressed this issue in  Apple Security Update 2006-006.","workarounds":"","sysaffected":"","thanks":"This issue was reported in \n Apple Security Update \n2006-006 Apple credits \nChris Pepper of The Rockefeller University for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://secunia.com/advisories/22187/","http://docs.info.apple.com/article.html?artnum=304460"],"cveids":["CVE-2006-4399"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-02T13:17:15Z","publicdate":"2006-09-29T00:00:00Z","datefirstpublished":"2006-10-02T19:09:27Z","dateupdated":"2006-11-21T19:20:32Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"8","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}