Apple's Lion OS At Risk To Password Vulnerability

Apple OS X 10.7 flaw would enable hacker to change a pair of passwords

Dark Reading Staff, Dark Reading

September 21, 2011

1 Min Read

A flaw in Apple OS X 10.7, aka Lion, would enable an attacker to change a user's system password without having to know the previous password. As a result, an attacker--albeit with physical access to the machine--would be able to change the boot password, as well as the password used by Apple's full-disk encryption tool, FileVault2.

The vulnerability appears to stem from a change in Lion's security model. Previous versions of OS X--back to 10.4--gave each operating system user a shadow file, or hash database (using SHA512 plus a 4-byte salt)--which could only be accessed by a user with admin-level privileges.

"It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked," according to a blog post from security researcher Patrick Dunstan, who discovered the new password vulnerability. "Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services." Dunstan has also released a Python script to simplify the password hash cracking process.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights