• After more than 15 years covering everything Apple, it’s with a heavy heart we announce that we will no longer be publishing new content on iMore and the iMore forums will be closing as of November 1st, 2024.

OS X Lion passwords can be changed by any local user

CG68

Well-known member
Jul 12, 2011
578
24
0
Visit site
FYI for those running OS X Lion. Quote from cnet article:



In OS X, user passwords are encrypted and then are stored in files called "shadow files" which are placed in secure locations on the drive. Based on system permissions, the contents of these files can then only be accessed and modified by the user, or by administrators provided they first give appropriate authentication. This means that only the user can change its password, or if needed, then an administrator can do this by first authenticating.

Unfortunately, recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily. The problem at hand appears to be because of a permissions oversight that allows all users search access to the system's directory services.


Read more: OS X Lion passwords can be changed by any local user | MacFixIt - CNET Reviews
 

Trending Posts

Members online

Forum statistics

Threads
262,083
Messages
1,773,894
Members
441,389
Latest member
Jethro7