The host is installed with Apple Mac OS X 10.7.x before 10.7.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which automatically switches it to unencrypted sessions upon failure of encrypted connections. Successful exploitation could allow attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.