[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

101924

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2794

Date: (C)2009-09-10   (M)2017-08-18 


The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

CVSS Score: 4.6Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-36342
SECUNIA-36677
APPLE-SA-2009-09-09-1
http://support.apple.com/kb/HT3860
ipod-iphone-exchange-security-bypass(53181)

CPE    16
cpe:/o:apple:iphone_os:2.2.1
cpe:/o:apple:iphone_os:2.0.2
cpe:/o:apple:iphone_os:2.1.1
cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch
...
CWE    1
CWE-362

© 2013 SecPod Technologies