CVE-2009-2796

Published: Sep 10, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.

Affected (2)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 3.0.1
Apple Iphone Os	Version 3.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/36677

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT3860

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/36335

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/53185

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html