CCE-50389-6Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-04-23 (M)2024-04-23 |
Password Autofill must be disabled. macOS allows users to save passwords and use the Password Autofill feature in Safari and compatible apps. To protect against malicious users gaining access to the system, this feature must be disabled to prevent users from being prompted to save passwords in applications.
Audit:
Verify the macOS system is configured to disable password autofill with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowPasswordAutoFill').js
EOS
If the result is not "false", this is a finding.
Remediation:
Configure the macOS system to disable TouchID for unlocking the device by installing the "com.apple.applicationaccess" configuration profile with 'allowPasswordAutoFill' key set to false
Parameter:
[Yes/No]
Technical Mechanism:
Configure the macOS system to disable TouchID for unlocking the device by installing the "com.apple.applicationaccess" configuration profile with 'allowPasswordAutoFill' key set to false
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.4 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:99388 |