Lion security flaw with "resetpassword"

NorthDakota91 · Dec 13, 2011, 01:23 PM

Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?

Intell · Dec 13, 2011, 01:24 PM

Use a firmware password. This flaw is no different then boot the Mac from an external drive or cd.

scottishwildcat · Jan 10, 2013, 10:04 AM

I wouldn't really call it a "flaw". As any security guru will tell you, once somebody has physical access to your machine, all bets are off -- at that point, if somebody really wants access to your stuff, they can most likely get it one way or another. The best you can do is make it hard enough that they might lose interest first.

Bear · Jan 10, 2013, 10:08 AM

Two ways to avoid it. One is the firmware password. The other is Filevault 2. If the disk is encrypted, they wouldn't be able to use the reset password.

If you're worried about data security and integrity, I would recommend the FileVault 2 route as the firmware password isn't 100% secure as Apple knows how to reset it, so I'm sure others do as well.

benwiggy · Jan 10, 2013, 11:35 AM

Quote:

Originally Posted by NorthDakota91

Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?

If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems are not to leave your expensive computer lying around, and place it in a locked drawer when you're not using it.

ThirteenXIII · Jan 10, 2013, 11:41 AM

Quote:

Originally Posted by benwiggy

If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems are not to leave your expensive computer lying around, and place it in a locked drawer when you're not using it.

not with disk encryption. and the recommended methods provided previously.
But, yes proper watch over your stuff is the first step.
Also Back-ups are critical!

benwiggy · Jan 10, 2013, 12:00 PM

Quote:

Originally Posted by ThirteenXIII

not with disk encryption. and the recommended methods provided previously.
But, yes proper watch over your stuff is the first step.
Also Back-ups are critical!

Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.

ezramoore · Jan 10, 2013, 12:02 PM

Common sense is your best defense.

resetpassword is a feature not a flaw.

ThirteenXIII · Jan 10, 2013, 12:25 PM

Quote:

Originally Posted by benwiggy

Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.

well when you support enterprise level systems it is critical regardless of how "Special" or "not special" the data is. even in basic users. never underestimate the maliciousness of thieves, a slight bit of personal data is all they may need to steal your identity, cause problems, etc.

Also, tell me how you can erase an encrypted disk? if it were that easy it wouldnt be a defacto encryption process.

benwiggy · Jan 10, 2013, 01:05 PM

Quote:

Originally Posted by ThirteenXIII

Also, tell me how you can erase an encrypted disk? if it were that easy it wouldnt be a defacto encryption process.

I dunno -- erase it using Linux or Windows? I'd be surprised if diskutil didn't let you somehow, though.

But yes, encryption is of course useful. And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
I was merely trying to highlight other physical risks that are greater than "resetpassword".
;-)

chrfr · Jan 10, 2013, 01:57 PM

Quote:

Originally Posted by benwiggy

And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.

Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.

ZMacintosh · Jan 10, 2013, 03:30 PM

Quote:

Originally Posted by chrfr

Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.

not always true, such as with schools, or businesses with off-site work.

Dec 13, 2011, 01:23 PM	#1
NorthDakota91 macrumors member Join Date: Sep 2011 Location: Italy	Lion security flaw with "resetpassword" Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that? __________________  Macbook White 7.1 (Core 2 Duo 2.4 GHz, 4GB of RAM, 500GB Momentus XT H-HDD) (Eventually, sorry for my bad english )
	0

Dec 13, 2011, 01:24 PM	#2
Intell macrumors G4 Join Date: Jan 2010 Location: Inside	Use a firmware password. This flaw is no different then boot the Mac from an external drive or cd. __________________ Last edited by Intell; Yesterday at 11:50 AM.
	0

Jan 10, 2013, 10:08 AM	#4
Bear macrumors 603 Join Date: Jul 2002 Location: Sol III - Terra	Two ways to avoid it. One is the firmware password. The other is Filevault 2. If the disk is encrypted, they wouldn't be able to use the reset password. If you're worried about data security and integrity, I would recommend the FileVault 2 route as the firmware password isn't 100% secure as Apple knows how to reset it, so I'm sure others do as well. __________________ -----Bear
	0

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
thread	Thread Starter	Forum	Replies	Last Post
HUGE Security Flaw with Passcode Lock	Walter Bell	iPhone	32	Oct 21, 2011 11:32 AM
Is this a big security flaw with Siri?	Candlelight	iOS 5 and earlier	2	Oct 19, 2011 03:18 AM
Safari & pop up blocking? Major security flaw ??	Magrathea	Mac Basics and Help	0	Sep 20, 2011 08:52 PM
Lion, full screen with external monitor? fixed?	Ulf1103	MacBook Pro	0	Aug 26, 2011 08:02 AM
iTunes 10.4 on Mac OS Lion Security error	tjanssen1990	Mac Applications and Mac App Store	4	Aug 4, 2011 06:18 PM

Jan 10, 2013, 10:04 AM	#3
scottishwildcat macrumors member Join Date: Oct 2007	I wouldn't really call it a "flaw". As any security guru will tell you, once somebody has physical access to your machine, all bets are off -- at that point, if somebody really wants access to your stuff, they can most likely get it one way or another. The best you can do is make it hard enough that they might lose interest first.
	0

Jan 10, 2013, 12:02 PM	#8
ezramoore macrumors 6502a Join Date: Mar 2006 Location: Washington State	Common sense is your best defense. resetpassword is a feature not a flaw.
	0


MacRumors Forums > Apple Systems and Services > Mac OS X > Mac OS X 10.7 Lion