Mac OS X Security Update 2010-006 (AFP)
Apple this week released Security Update 2010-006 to patch a vulnerability in Apple Filing Protocol (AFP) – also known as File Sharing – which could allow an attacker to gain access to shared folders without a password. This affects only Mac OS X 10.6 and Mac OS X Server 10.6, and File Sharing is disabled by default.
- AFP
CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a valid password
Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Pike School in Massachusetts for reporting this issue.