CVE-2013-0963

LOW

Description

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

References

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

http://support.apple.com/kb/HT5642

Details

Source: MITRE

Published: 2013-01-29

Updated: 2013-03-16

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
801018Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)Log Correlation EngineOperating System Detection
high
6717Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)Nessus Network MonitorWeb Clients
high
65578Mac OS X Multiple Vulnerabilities (Security Update 2013-001)NessusMacOS X Local Security Checks
high
65577Mac OS X 10.8.x < 10.8.3 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
6679Apple iOS < 6.1 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
64287Apple iOS < 6.1 Multiple VulnerabilitiesNessusMobile Devices
high