OS X Lion passwords can be changed by any local user

CG68

Well-known member
Jul 12, 2011
578
24
0
Visit site
FYI for those running OS X Lion. Quote from cnet article:



In OS X, user passwords are encrypted and then are stored in files called "shadow files" which are placed in secure locations on the drive. Based on system permissions, the contents of these files can then only be accessed and modified by the user, or by administrators provided they first give appropriate authentication. This means that only the user can change its password, or if needed, then an administrator can do this by first authenticating.

Unfortunately, recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily. The problem at hand appears to be because of a permissions oversight that allows all users search access to the system's directory services.


Read more: OS X Lion passwords can be changed by any local user | MacFixIt - CNET Reviews
 

Trending Posts

Members online

Forum statistics

Threads
260,012
Messages
1,765,317
Members
441,221
Latest member
CØR