CVE-2007-3754

Apple Iphone - Authentication Bypass

Title source: rule

Description

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

References (8)

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=306586

[Patch] http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

[Third Party Advisory, VDB Entry] http://osvdb.org/38537

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25856

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36845

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018752

[Third Party Advisory] http://secunia.com/advisories/26983

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3287

Scores

EPSS 0.0072

EPSS Percentile 72.2%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

apple/iphone

apple/iphone_os

Timeline

Published Sep 27, 2007

Tracked Since Feb 18, 2026