CVE-2013-0963

EUVD-2013-0974
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 6.0.2
appleiphone_os
6.0
appleiphone_os
6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://support.apple.com/kb/HT5642
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://support.apple.com/kb/HT5642