CVE-2015-5906Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 40.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS 9
Timeline
PublishedSep 18
Latest updateMay 17

Description

The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapple/iphone_os8.4.1
Appleapple/ios_9

🔴Vulnerability Details

1
GHSA
GHSA-wwvm-wgjm-33r5: The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make2022-05-17

📋Vendor Advisories

1
Apple
CVE-2015-5906: iOS 9