iOS 13 & iPadOS bug said to allow unauthenticated access to usernames & passwords
A bug in the current iOS 13 and iPadOS betas reportedly allows people to bypass security and access usernames and passwords in the Settings app — though in practice, the issue is a relatively minor threat.
Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.
Apple has been warned about the problem, but has yet to acknowledge it. Betas are inherently prone to bugs however, making it likely Apple will patch the vulnerability before the finished versions of iOS 13 and iPadOS launch this fall.
The most recent public betas were issued on July 8. Indeed based on Apple's normal timing, fourth developer seeds should arrive sometime this week.
The iDeviceHelp clip was first spotted by 9to5Mac.