[ISN] Mac OS X login passwords put at risk

From: InfoSec News <alerts_at_private>
Date: Mon, 7 May 2012 03:46:09 -0500 (CDT)

By Jonathan E. Skillings
Security & Privacy
May 6, 2012

Last update: 1:20 p.m. PT

Users of the Lion version of Mac OS X will probably want to update their log-in 

Security researcher David Emery warns of a new vulnerability involving the 
FileVault feature in Mac OS X Lion, version 10.7.3, which allows for encryption 
of certain directories. He writes:

     Someone, for some unknown reason, turned on a debug switch
     (DEBUGLOG) in the current released version of MacOS Lion 10.7.3
     that causes the authorizationhost process's HomeDirMounter
     DIHLFVMount to log in *PLAIN TEXT* in a system wide logfile
     readable by anyone with root or admin access the login password of
     the user of an encrypted home directory tree ("legacy Filevault").

     The log in question is kept by default for several weeks...

     Thus anyone who can read files accessible to group admin can
     discover the login passwords of any users of legacy (pre LION)
     Filevault home directories who have logged in since the upgrade to
     10.7.3 in early February 2012.


Received on Mon May 07 2012 - 01:46:09 PDT
