Downgrade vulnerability in Keychain HTTP Authentication Credentials Storage
CVE-2016-4644 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
Learn more about our Cis Benchmark Audit For Apple Ios.