The host is installed with Apple Mac OS X 10.6.8 or 10.7.x before 10.7.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which returns the value of the salt argument instead of the hashed string. Successful exploitation could allow attackers to bypass authentication via an arbitrary password.