Vulnerabilities > CVE-2013-4616 - Credentials Management vulnerability in Apple Iphone OS
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html
- http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html
- http://secunia.com/advisories/54886
- http://secunia.com/advisories/54886
- http://support.apple.com/kb/HT5934
- http://support.apple.com/kb/HT5934
- http://www.securitytracker.com/id/1029054
- http://www.securitytracker.com/id/1029054
- http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf
- http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf
- http://www1.cs.fau.de/hotspot
- http://www1.cs.fau.de/hotspot