Caching of HTTP Authentication Credentials in Apple Safari

Caching of HTTP Authentication Credentials in Apple Safari

CVE-2015-3754 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.

Learn more about our Web App Pen Testing.