http://www.zdnet.com/blog/security/appl ... text/11963
It seems an Apple Dev left a debug option switched on, which stores passwords in Lion 10.7.3 in the clear - for machines upgraded from Snow Leopard at least.
The problem was logged on the official Apple Support forums about 3 months ago, but so far Apple haven't addressed the problem.
 | | |
| Quote: In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text. | |
| | |
| | |
| Quote: This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for. | |
| | |
| | |
| Quote: Since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree. They can also access the files by connecting the drive via FireWire. Having done that, they can then not only read the encrypted files that are meant to be hidden from prying eyes, but they can also access anything else meant to be protected by that user name and password. | |
| | |
Probably not a major problem for single-user Mac owners who don't take their Macs with them, but could be a problem in companies or families, where people share devices or if a device is stolen.
Edit: This also affects TimeMachine backups - even though they would normally require a password for the encrypted files, the clear text password is stored in the TM log file!