CVE-2014-1295Improper Authentication in Apple Iphone OS

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 59.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple TvosApple MAC OS X
Timeline
PublishedApr 23
Latest updateMay 14

Description

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDapple/tvos6.1+3
NVDapple/iphone_os7.1+7
NVDapple/mac_os_x9 versions+8

🔴Vulnerability Details

1
GHSA
GHSA-fq75-h86r-46hg: Secure Transport in Apple iOS before 72022-05-14

📄Research Papers

1
RFC
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)2015-02-01