Apple Safari Password Manager Cross-Site Information Disclosure Weakness

Apple Safari is prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.

This issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to gain access to potentially sensitive information that would facilitate the success of phishing attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus