hit tracker

Apple security blunder exposes Mac OS Lion login passwords in clear text!

Discussion in 'General Undergound Newz' started by GaryOPA, May 6, 2012.

By GaryOPA on May 6, 2012 at 9:51 PM
  1. 25,178
    2,239
    113
    GaryOPA

    GaryOPA Master Phoenix Admin Staff Member Top-Dog Brass

    Joined:
    Mar 18, 2006
    Media:
    1,647
    Occupation:
    Design Eng.
    Location:
    Tropical Island
    Home Page:
    http://www.O-P-A.biz
    On Mac OS X 10.7.3

    [​IMG]

    Apparently, with the latest Lion security update, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text!!

    Looks like an Apple programmer left (by accident?) a debug flag in the most recent version of Mac OS X 10.7.3.

    If you apply the latest OS X Lion update, it turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. AND... The passwords are stored in clear text!!

    Apparently, since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree.

    This update was released on February 1, 2012, meaning a lot of people already updated and weeks of accessing encrypted folders is now available for anyone to see.

    Just a few users have noticed the bug, and those who did, Apple Support just ignored them...

    Apple needs to fix this issue ASAP. Meanwhile, be extra careful and be sure to change your password now and after the patch fix!

    NEWS SOURCE: http://www.zdnet.com/blog/security/...oses-lion-login-passwords-in-clear-text/11963

    Our thanks to 'Gauss' for this news story!
     

Comments

Discussion in 'General Undergound Newz' started by GaryOPA, May 6, 2012.

Share This Page