Critical:
Moderately critical
Impact: Exposure of sensitive information
Where: From remote
OS: Apple Macintosh OS X
Description:
Chris Adams has reported a vulnerability in Mac OS X, which may allow malicious people to gain knowledge of sensitive data like user credentials.
The problem is that the Apple Filing Protocol (AFP), when configured to use SSH, silently falls back to plain-text authentication if the remote host fails to accept SSH.
The vulnerability has been reported in Apple Macintosh OS X versions 10.2 through 10.3.2.
Solution:
Filter traffic to prevent plain-text AFP traffic from crossing insecure networks.
Use manual SSH or VPN tunnels.
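A manual tunnel only helps if it fails closed, which is the opposite of the silent fallback described above. The following is an added example, not part of the original advisory: a shell wrapper that returns a loopback AFP URL only when the SSH forward was actually established. Assumptions: AFP listens on TCP 548 on the server's loopback address, the local OpenSSH supports `ExitOnForwardFailure`, and the names `afp_tunnel_url` and `SSH_BIN` are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed manual SSH tunnel for AFP (TCP 548).
# afp_tunnel_url and SSH_BIN are names chosen for this example only.

AFP_PORT=548

# Usage: afp_tunnel_url <ssh-host> [local-port]
# Prints the loopback afp:// URL on success. Prints nothing on stdout and
# returns non-zero when the tunnel cannot be established.
afp_tunnel_url() {
    host=$1
    lport=${2:-10548}

    # Refuse empty hosts and anything ssh would parse as an option.
    case $host in
        ''|-*) echo "invalid host" >&2; return 2 ;;
    esac
    # Local port must be a number in the unprivileged range.
    case $lport in
        ''|*[!0-9]*) echo "invalid port" >&2; return 2 ;;
    esac
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "invalid port" >&2; return 2
    fi

    # -f -N: go to background after authentication, run no remote command.
    # ExitOnForwardFailure=yes: ssh exits non-zero if the forward fails.
    # Binding to 127.0.0.1 keeps the forward off the local network.
    if ! "${SSH_BIN:-ssh}" -f -N \
            -o ExitOnForwardFailure=yes \
            -L "127.0.0.1:${lport}:127.0.0.1:${AFP_PORT}" "$host"; then
        echo "SSH tunnel to $host failed; not connecting" >&2
        return 1
    fi

    printf 'afp://127.0.0.1:%s/\n' "$lport"
}
```

Connect only to the URL the function prints; when it prints nothing, no AFP connection should be attempted.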
Provided and/or discovered by:
Chris Adams
http://secunia.com/advisories/11012/
