CVE-2005-1387
Description
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by listing running processes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cocktail 3.5.4 on Mac OS X exposes the administrative password in cleartext on the command line, allowing local users to capture it via process listing.
Vulnerability
Cocktail 3.5.4 (and possibly earlier versions) on Mac OS X passes the administrative password in cleartext on the command line when executing privileged utilities. The application runs sh -c echo 'PASSWORD' | sudo -p "" -S sudo update_prebinding -root /, so the password is part of the shell's argument list and is shown in the process listing. [1]
Exploitation
An attacker with local access can simply run ps ax while Cocktail is performing a privileged operation. The password appears as an argument in the output of the process listing. No special privileges or user interaction beyond local access are required. [1]
Impact
Successful exploitation reveals the administrative password, allowing the attacker to gain full system access, including privilege escalation and access to sensitive data. [1]
Mitigation
The vendor was contacted and version 3.6 for Mac OS X Tiger is reported to have fixed the issue. Users should upgrade to Cocktail 3.6 or later. [1]
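For developers who wrap sudo in their own tools, the exposure described under Vulnerability can be checked for and avoided as in the following added example, which is not code from Cocktail or from the advisory. It assumes a POSIX sh is available, uses `sleep` as a stand-in for the privileged helper, and the function names and the password value are constructed for illustration.

```python
import os
import subprocess

SECRET = "constructed-example-pw"  # constructed sample value, not a real password

def visible_args(pid):
    """Return pid's command line as any local user can read it."""
    path = f"/proc/{pid}/cmdline"  # Linux exposes argv here
    if os.path.exists(path):
        with open(path, "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    # macOS/BSD: ask ps for the same argument column that `ps ax` prints
    return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                          capture_output=True, text=True).stdout

def leaky_launch(secret):
    # Pattern from the advisory: the secret is interpolated into the sh -c
    # string, so it becomes part of sh's argv. `sleep 1` stands in for sudo.
    return subprocess.Popen(["sh", "-c", f"echo '{secret}' | sleep 1"])

def stdin_launch(secret):
    # Hardened pattern: argv is a fixed string; the parent writes the secret
    # straight into the child's stdin pipe (what `sudo -S` reads from).
    child = subprocess.Popen(["sh", "-c", "IFS= read -r pw; sleep 1"],
                             stdin=subprocess.PIPE)
    child.stdin.write(secret.encode() + b"\n")
    child.stdin.close()
    return child

def leaks(child, secret):
    """True if the secret is visible in the child's argument list."""
    try:
        return secret in visible_args(child.pid)
    finally:
        child.kill()
        child.wait()

if __name__ == "__main__":
    print("sh -c echo ... | helper :", leaks(leaky_launch(SECRET), SECRET))
    print("secret written to stdin  :", leaks(stdin_launch(SECRET), SECRET))
```

The same `leaks` check can be pointed at any helper a tool spawns, as a regression test that no credential reaches an argument list.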
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:kristofer_szymanski:cocktail:3.5.4:*:*:*:*:*:*:*
Patches
No patches discovered yet.