OS X flaw exposes passwords in plain text

Last updated 11:31 08/05/2012

Relevant offers

Digital Living

Google wants to know when users, tempted by an online advert, go to the shops Leaked: hundreds of internal Facebook documents on sex, violence, and terrorism Businessman's ransom nightmare at the hands of cyber hackers Instagram is the worst social network for young people's mental health Google's focus on AI means it will get even deeper into our lives Computer course helping 'digitally disadvantaged' saves ailing mother's family Online retail giants force NZ businesses to implement digital strategies Cyberattack hits at least 200,000 victims in 150 countries British researcher Marcus Hutchins finds kill switch, 'accidentally' stops malware crippling computers worldwide New Zealand upping digital security after 'massive' worldwide cyberattack

This post was originally published on Mashable.

An Apple programmer has accidentally left a debug flag in the most recent version of OS X Lion, which under certain conditions can cause login passwords to appear in a plain text debug log file.

The flaw affects users who have used Apple's encryption software FileVault prior to upgrading to 10.7.3, while FileVault 2 is unaffected.

To make matters worse, Apple has not issued a fix for the matter, so changing your user credentials right now does not help, as those credentials might end up in a debug log file as well.

The flaw, which was originally spotted by a security researcher David Emery, potentially enables anyone with an admin password to retrieve other user's credentials.

"This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for," claims Emery.

Mashable is the largest independent news source covering digital culture, social media and technology.

Ad Feedback

Comments

Special offers

Featured Promotions

Sponsored Content