CVE Vulnerabilities

CVE-2012-3741

Improper Authentication

Published: Sep 20, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Iphone_os Apple 3.0 3.0
Iphone_os Apple 3.2 3.2
Iphone_os Apple 3.1.3 3.1.3
Iphone_os Apple 1.0.2 1.0.2
Iphone_os Apple 4.3.2 4.3.2
Iphone_os Apple 4.0.2 4.0.2
Iphone_os Apple 2.2 2.2
Iphone_os Apple 1.1.1 1.1.1
Iphone_os Apple 4.2.8 4.2.8
Iphone_os Apple * 5.1.1
Iphone_os Apple 4.1 4.1
Iphone_os Apple 2.0.0 2.0.0
Iphone_os Apple 3.1.2 3.1.2
Iphone_os Apple 3.0.1 3.0.1
Iphone_os Apple 4.3.1 4.3.1
Iphone_os Apple 4.2.5 4.2.5
Iphone_os Apple 1.1.2 1.1.2
Iphone_os Apple 3.1 3.1
Iphone_os Apple 1.1.3 1.1.3
Iphone_os Apple 1.1.0 1.1.0
Iphone_os Apple 1.0.1 1.0.1
Iphone_os Apple 2.1 2.1
Iphone_os Apple 4.3.5 4.3.5
Iphone_os Apple 4.2.1 4.2.1
Iphone_os Apple 1.1.5 1.1.5
Iphone_os Apple 4.0.1 4.0.1
Iphone_os Apple 4.3.3 4.3.3
Iphone_os Apple 5.0.1 5.0.1
Iphone_os Apple 2.1.1 2.1.1
Iphone_os Apple 1.1.4 1.1.4
Iphone_os Apple 5.0 5.0
Iphone_os Apple 1.0.0 1.0.0
Iphone_os Apple 2.0.2 2.0.2
Iphone_os Apple 2.0 2.0
Iphone_os Apple 2.0.1 2.0.1
Iphone_os Apple 4.0 4.0
Iphone_os Apple 4.3.0 4.3.0
Iphone_os Apple 2.2.1 2.2.1
Iphone_os Apple 3.2.1 3.2.1
Iphone_os Apple 3.2.2 3.2.2

Potential Mitigations

References