CVE-2015-1147
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
Date published : 2015-04-10
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html