Vulnerability in OS X 10.7 Lion Allows Passwords to Be Changed Without Authorization

A researcher at the Defense in Depth blog has discovered a flaw in Apple's recently released operating system, OS X 10.7 (Lion), that allows a user's password to be changed without knowledge of the logged-in user's current password. The flaw appears to be related to Apple's move to a local directory service whose permissions are set insecurely. An attacker with access to a logged-in Mac (locally, or over VNC/RDC, SSH, etc.) can change the currently logged-in user's password without knowing the existing password, which would normally be required:

testmac:~ TestUser$ dscl localhost -passwd /Search/Users/TestUser
New Password:

Historically (in Snow Leopard) you would have needed to enter your existing password first to verify that you are in fact the account holder:

testmac:~ TestUser$ passwd
Changing password for TestUser.
Old Password: -OldPass-
New Password: -NewPass-
Retype New Password: -NewPass-

Not only can a logged-in user change their password without knowing the existing one, but any user can read any other user's password hash and attempt to brute-force it. Defense in Depth showed how to parse the hash out of the openly readable directory information and recover both the hash and the salt used to hash the password. This is another good reason to make sure your Mac is properly secured until Apple makes a fix available. Taking the following steps will help ensure you are protected:

  • Use a strong password so that brute-force attacks against your account using stolen hashes are impractical.
  • Enable the screensaver and set it to prompt you for your password.
  • Disable automatic login.
  • Never leave your Mac logged in and unattended. Use a "Hot Corner" or the Keychain lock to lock your screen.
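As an added example (not part of the original post), the following script audits the screen-lock and automatic-login settings recommended above. It assumes the standard macOS preference keys com.apple.screensaver askForPassword / askForPasswordDelay and /Library/Preferences/com.apple.loginwindow autoLoginUser, and a 5-second grace period as the assumed maximum acceptable delay; evaluation is separated from collection so the logic can be exercised with sample values on any system.

```shell
#!/bin/sh
# Audit the local protections recommended against the Lion password flaw.
# Only collect_and_evaluate touches the live system (macOS `defaults`);
# evaluate_settings is pure and can be run with constructed values anywhere.

# evaluate_settings ASK DELAY AUTOLOGIN
#   ASK       - 1 if the screensaver asks for a password, else 0
#   DELAY     - seconds before the password is required (0 = immediately)
#   AUTOLOGIN - user name auto-logged-in at boot, empty if disabled
# Prints one line per finding; returns the number of findings (0 = hardened).
evaluate_settings() {
  ask="$1"; delay="$2"; autologin="$3"
  findings=0
  if [ "$ask" != "1" ]; then
    echo "FAIL: screensaver does not ask for a password (askForPassword=$ask)"
    findings=$((findings + 1))
  fi
  # Assumed policy: more than 5 s of grace leaves an unattended Mac exposed.
  if [ "$ask" = "1" ] && [ "${delay:-0}" -gt 5 ]; then
    echo "WARN: password is only required ${delay}s after the screensaver starts"
    findings=$((findings + 1))
  fi
  if [ -n "$autologin" ]; then
    echo "FAIL: automatic login is enabled for user '$autologin'"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ] && echo "OK: screen lock and login settings match the guidance"
  return "$findings"
}

# Read the live values with `defaults` (macOS only) and evaluate them.
collect_and_evaluate() {
  ask=$(defaults read com.apple.screensaver askForPassword 2>/dev/null)
  delay=$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)
  autologin=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)
  evaluate_settings "${ask:-0}" "${delay:-0}" "$autologin"
}

# Demo with constructed values for an unhardened Mac: AUDIT_DEMO=1 sh audit.sh
if [ "${AUDIT_DEMO:-0}" = "1" ]; then
  evaluate_settings 0 0 "TestUser"
fi
```

Run it without AUDIT_DEMO on a Mac and call collect_and_evaluate to audit the live settings; a non-zero exit status means at least one recommendation is not met.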

For more information, see the researcher's original post on the Defense in Depth blog.

-News Source (NS & Defence Blog)

