Downgrade vulnerability in Keychain HTTP Authentication Credentials Storage

Downgrade vulnerability in Keychain HTTP Authentication Credentials Storage

CVE-2016-4644 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

Learn more about our Cis Benchmark Audit For Apple Ios.