Описание
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-0143
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49201
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5336
- http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.html
- http://osvdb.org/52579
- http://secunia.com/advisories/34254
- http://securitytracker.com/id?1021843
- http://support.apple.com/kb/HT3487
- http://www.securityfocus.com/bid/34094
- http://www.vupen.com/english/advisories/2009/0702
Связанные уязвимости
nvd
почти 17 лет назад
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.