CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
appleapple_tv
𝑥
< 9.2.2
appleiphone_os
𝑥
< 9.3.3
applemac_os
10.11.0 ≤
𝑥
< 10.11.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206905
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206905