CVE-2016-4644

6.5MEDIUM

Key Information:

Vendor
Apple
Status
iPhone OS
Mac Os
Apple Tv
Vendor
CVE Published:
11 January 2019

Summary

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

References

https://support.apple.com/HT206902
x_refsource_MISC
https://support.apple.com/HT206903
x_refsource_MISC
https://support.apple.com/HT206905
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.