CVE-2016-4644

Published: Jan 11, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

Affected (3)

Products: Apple: Apple Tv, Iphone Os, Mac Os

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Apple Tv	Before 9.2.2
Apple Iphone Os	Before 9.3.3
Apple Mac Os	From 10.11.0 to 10.11.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://support.apple.com/HT206902

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT206903

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT206905

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT206902

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT206903

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT206905

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.