An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to log in to the account of a previously logged-in user without valid credentials.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ipados | Apple | * | 13.2 (excluding) |
Iphone_os | Apple | * | 13.2 (excluding) |
Mac_os_x | Apple | * | 10.15.1 (excluding) |
Tvos | Apple | * | 13.2 (excluding) |
Watchos | Apple | * | 6.1 (excluding) |