Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: EagleO13
EagleO13 Author
User level: Level 1
6 points

Keychain infected?

After upgrading to OSX Mavericks and iOS 7.0.3, I turned on iCloud Keychain on all devices and started using it. After a while I noticed a suspicious entry in Safari's password list: website = https:// (nothing more!), userid = BP-MHHxxxxxx@t-com.de, password = xxx-xxx-xxx (the x representing letters and digits). Up to now I've seen two of these entries, same format, different x.


The userid looks like a mailadres related to t-com.de; this domain name points at T-Mobile and/or Deutsche Telekom.


These entries cannot be deleted. On mobile devices they seem to disappear, but after going out of and returning to the password list, they're back.


I tried several times to shut down Keychain on all devices, but after reconfiguring the suspicious entries reappeared.


An all new user on the Macbook is "infected" immediately as well.


A Full System virusscan using Avast! doesn't show anything I can connect to what's described above.


- Anybody else ?

- Next step ?

MacBook Air, OS X Mavericks (10.9), And iPhones 4S, iPad 4 all iOS 7.0.

MacBook Air, OS X Mavericks (10.9), And iPhones 4S, iPad 4 all iOS 7.0.

Posted on Oct 27, 2013 4:15 AM

Reply
Question marked as Best reply
User profile for user: bondingfortoday
bondingfortoday
User level: Level 1
6 points

Posted on Oct 28, 2013 4:18 PM

I have the same problem.


There's an entry in my AutoFill passwords in Safari on iOS 7 that I cannot delete.

Every time I try to delete it, it will reappear.


It's for a website with the url just being 'https://'.

The password and username belong to a different website I visit.


Does anyone know how to resolve this issue?

View in context
7 replies
Question marked as Best reply
User profile for user: bondingfortoday
bondingfortoday
User level: Level 1
6 points

Oct 28, 2013 4:18 PM in response to EagleO13

I have the same problem.


There's an entry in my AutoFill passwords in Safari on iOS 7 that I cannot delete.

Every time I try to delete it, it will reappear.


It's for a website with the url just being 'https://'.

The password and username belong to a different website I visit.


Does anyone know how to resolve this issue?

Reply
User profile for user: redaleme
redaleme
User level: Level 1
5 points

Oct 31, 2014 4:50 PM in response to EagleO13

I have found a solution.


You need to use Keychain Access on OS X. In the sidebar select iCloud. You can locate the entry by searching for the part after the @ in the email address of that entry. Right click it. Select "Delete". It will be deleted from that machine as well as any other device synced with iCloud keychain.


I did this in Mavericks, but it should work on Yosemite as well.


As far as I know there is yet no way to do this in iOS.


I filed a radar as well rdar://18835323


Hope this helps.

Reply
User profile for user: josep70
josep70
User level: Level 1
8 points

Oct 31, 2014 9:12 PM in response to redaleme

Thanks redaleme. I also got it fixed in one iPhone which did not use iCloud keychain reinstalling iOS and setting up the iPhone as new device (extreme measure that worked too). Wonder if this user id got into the device because of visiting Frankfurt airport and using the wi-fi there. If so, that's pretty bad practice from telekom.de

Reply

Keychain infected?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up