CVE-2017-13909Insecure Storage of Sensitive Information in Apple Macos

CWE-922Insecure Storage of Sensitive Information4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedDec 23
Latest updateDec 24

Description

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/macosunspecified10.13
NVDapple/mac_os_x10.010.13

🔴Vulnerability Details

2
GHSA
GHSA-cvmf-9frc-7xwx: An issue existed in the storage of sensitive tokens2021-12-24
CVEList
CVE-2017-13909: An issue existed in the storage of sensitive tokens2021-12-23

📋Vendor Advisories

1
Apple
CVE-2017-13909: macOS High Sierra 10.132017-09-25
CVE-2017-13909 — Apple Macos vulnerability | cvebase