Apple Safari Password Manager Cross-Site Information Disclosure Weakness
BID:21329
Info
Apple Safari Password Manager Cross-Site Information Disclosure Weakness
| Bugtraq ID: | 21329 |
| Class: | Origin Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 28 2006 12:00AM |
| Updated: | Nov 29 2006 10:00PM |
| Credit: | David Teare disclosed this weakness in Apple Safari. |
| Vulnerable: |
Apple Safari 2.0.4 |
| Not Vulnerable: | |
Discussion
Apple Safari Password Manager Cross-Site Information Disclosure Weakness
Apple Safari is prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.
This issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to gain access to potentially sensitive information that would facilitate the success of phishing attacks.
Apple Safari is prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.
This issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to gain access to potentially sensitive information that would facilitate the success of phishing attacks.
Exploit / POC
Apple Safari Password Manager Cross-Site Information Disclosure Weakness
Attackers use standard HTML design utilities and webserver applications to exploit this issue.
A proof of concept by David Teare is available at the following location where a browser can be tested for this weakness.
Proof of Concept: http://tearesolutions.com/rcsr-step1.html
Attackers use standard HTML design utilities and webserver applications to exploit this issue.
A proof of concept by David Teare is available at the following location where a browser can be tested for this weakness.
Proof of Concept: http://tearesolutions.com/rcsr-step1.html
Solution / Fix
Apple Safari Password Manager Cross-Site Information Disclosure Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Apple Safari Password Manager Cross-Site Information Disclosure Weakness
References:
References:
- How to Steal Passwords from Safari's AutoFill (Teare Software Solutions)
- Safari Homepage (Apple)