CVE-2016-4670

Published: Feb 20, 2017Modified: May 13, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

Affected (2)

Products: Apple: Iphone Os, Mac Os X

Apple

2 products

Iphone Os

Mac Os X

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 10.0.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.12.0

Related CWEs

CWE-255

References (6)

http://www.securityfocus.com/bid/94433

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/HT207271

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT207275

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/94433

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.apple.com/HT207271

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT207275

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.