WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Safari | Apple | * | 4.0.5 |
Safari | Apple | 4.0 | 4.0 |
Safari | Apple | 4.0.0b | 4.0.0b |
Safari | Apple | 4.0.1 | 4.0.1 |
Safari | Apple | 4.0.2 | 4.0.2 |
Safari | Apple | 4.0.3 | 4.0.3 |
Safari | Apple | 4.0.4 | 4.0.4 |
Webkit | Apple | * | * |