CVE-2014-4364Apple Iphone OS vulnerability

CWE-3102 documents2 sources
Severity
5.6MEDIUMNVD
EPSS
0.5%
top 34.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Tvos
Timeline
PublishedSep 18
Latest updateMay 14

Description

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 1.2 | Impact: 4.0

Affected Packages2 packages

NVDapple/tvos6.2+6
NVDapple/iphone_os7.1.2+9

🔴Vulnerability Details

1
GHSA
GHSA-6pqj-fh7p-c8hw: The 8022022-05-14