Cookie-based Authentication Bypass Vulnerability in Apple Mac OS X Safari

Cookie-based Authentication Bypass Vulnerability in Apple Mac OS X Safari

CVE-2013-0982 · LOW Severity

AV:L/AC:L/AU:S/C:P/I:N/A:N

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Learn more about our Network Penetration Testing.