Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

  • Published: Jan 11, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-4644
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
apple / iphone_os - 9.3.3
apple / mac_os 10.11.0 10.11.6
apple / apple_tv - 9.2.2