The vulnerability, which can be exploited remotely, occurs because of an error handling issue in the AFP server, the company warned in a brief advisory.
- CVE-2010-1820 (available for Mac OS X v10.6.4 and Mac OS X Server v10.6.4)
- An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6.