The vulnerability appears to stem from a change in Lion's security model. Previous versions of OS X--back to 10.4--gave each operating system user a shadow file, or hash database (using SHA512 plus a 4-byte salt)--which could only be accessed by a user with admin-level privileges.
"It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked," according to a blog post from security researcher Patrick Dunstan, who discovered the new password vulnerability. "Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services." Dunstan has also released a Python script to simplify the password hash cracking process.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.