On Mac OS X 10.7.3
Apparently, with the latest Lion security update, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text!!
Looks like an Apple programmer left (by accident?) a debug flag in the most recent version of Mac OS X 10.7.3.
If you apply the latest OS X Lion update, it turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. AND... The passwords are stored in clear text!!
Apparently, since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree.
This update was released on February 1, 2012, meaning a lot of people already updated and weeks of accessing encrypted folders is now available for anyone to see.
Just a few users have noticed the bug, and those who did, Apple Support just ignored them...
Apple needs to fix this issue ASAP. Meanwhile, be extra careful and be sure to change your password now and after the patch fix!
NEWS SOURCE: http://www.zdnet.com/blog/security/...oses-lion-login-passwords-in-clear-text/11963
Our thanks to 'Gauss' for this news story!