CVE-2013-0963

Опубликовано: 29 янв. 2013

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

Ссылки

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://support.apple.com/kb/HT5642
Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://support.apple.com/kb/HT5642
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 6.0.2 (включая)

cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

2.1 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-rqhc-47vh-6vc7

github

больше 3 лет назад