hit tracker

Apple security blunder exposes Mac OS Lion login passwords in clear text!

Discussion in 'General Undergound Newz' started by GaryOPA, May 6, 2012.

By GaryOPA on May 6, 2012 at 9:51 PM
  1. 25,425

    GaryOPA Master Phoenix Admin Staff Member Top-Dog Brass

    Mar 18, 2006
    Design Eng.
    Tropical Island
    Home Page:
    On Mac OS X 10.7.3


    Apparently, with the latest Lion security update, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text!!

    Looks like an Apple programmer left (by accident?) a debug flag in the most recent version of Mac OS X 10.7.3.

    If you apply the latest OS X Lion update, it turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. AND... The passwords are stored in clear text!!

    Apparently, since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree.

    This update was released on February 1, 2012, meaning a lot of people already updated and weeks of accessing encrypted folders is now available for anyone to see.

    Just a few users have noticed the bug, and those who did, Apple Support just ignored them...

    Apple needs to fix this issue ASAP. Meanwhile, be extra careful and be sure to change your password now and after the patch fix!

    NEWS SOURCE: http://www.zdnet.com/blog/security/...oses-lion-login-passwords-in-clear-text/11963

    Our thanks to 'Gauss' for this news story!


Discussion in 'General Undergound Newz' started by GaryOPA, May 6, 2012.

Share This Page