CVE-2014-1295 - Improper Authentication

Severity

68%

Complexity

86%

Confidentiality

106%

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Demo Examples

Improper Authentication

CWE-287

The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to "remember" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the "Administrator" username, as recorded in the user cookie.


               
}

                     
}
ExitError("Error: you need to log in first");

                           

                              
);
);
DoAdministratorTasks();

Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:


               
[body of request]

By setting the loggedin cookie to "true", the attacker bypasses the entire authentication check. By using the "Administrator" value in the user cookie, the attacker also gains privileges to administer the software.

Improper Authentication

CWE-287

Overview

Type

Apple

First reported 10 years ago

2014-04-23 11:52:00

Last updated 5 years ago

2019-03-08 16:06:00

Affected Software

Apple iPhone OS 7.0

7.0

Apple iPhone OS 7.0.1

7.0.1

Apple iPhone OS 7.0.2

7.0.2

Apple iPhone OS 7.0.3

7.0.3

Apple iPhone OS 7.0.4

7.0.4

Apple iPhone OS 7.0.5

7.0.5

Apple iPhone OS 7.0.6

7.0.6

Apple Mac OS X 10.9

10.9

Apple Mac OS X 10.9.1 (Mavericks)

10.9.1

Apple Mac OS X 10.9.2

10.9.2

Apple tvOS 6.0

6.0

Apple tvOS 6.0.1

6.0.1

Apple tvOS 6.0.2

6.0.2

Apple Mac OS X 10.8.0

10.8.0

Apple Mac OS X 10.8.1

10.8.1

Apple Mac OS X 10.8.2

10.8.2

Apple Mac OS X 10.8.3

10.8.3

Apple Mac OS X 10.8.4

10.8.4

Apple Mac OS X 10.8.5

10.8.5

Apple Mac OS X 10.8.5 Supplemental Update

10.8.5

References

APPLE-SA-2014-04-22-1

APPLE-SA-2014-04-22-3

APPLE-SA-2014-04-22-2

https://secure-resumption.com/

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.