Mac OS X Stores Passwords As Plain-Text

Discussion in 'Mac Apps and Mac App Store' started by Punani, Sep 10, 2004.

  1. Punani macrumors regular

    Punani

    Joined:
    Jun 16, 2004
    Location:
    Los Angeles
    #1
    It appears that at least Mac OS X 10.3.X stores passwords in plain-text.

    Running this command "sudo strings -8 /var/vm/swapfile0 | grep -A 4 -i longname" Or one of the various other swap files in the directory(e.g. /var/vm/swapfile3) can yield your password in plain-text.

    Although I realize that swap files require root access and/or physical access, the swap files are simply "ready to be deleted" when Mac OS X reboots, they are not purged. One could possibly enter single-user mode or boot with the installation disks and check if the passwords are still stored somewhere.

    This could render FileVault and Keychain encryption moot.

    Found on BugTraq: http://securityfocus.com/archive/1/367116/2004-06-24/2004-06-30/2
     
  2. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #2
    That's pretty serious! I thought passwords were supposed to go through a hash function so that the real password wouldn't be stored anywhere on the system after it's creation.
     
  3. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #3
    Yes, the password is hashed, but that's a different part of the process. What is happening here is that the login panel is accepting the plaintext password from the user (which is then hasned and compared against netinfo), but that plaintext version isn't being wiped after it is used. They'll be able to fix this one, but sheesh, someone at Apple must be feeling awfully silly right now.
     
  4. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #4
    Ah .. ok ... that also explains why it would be swapped out to disk. The login panel isn't used after login, and (some part of) it isn't released from memory, apparently, so it will eventually be swapped out to disk after some user activity.
     
  5. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #5
    Yeah, the login window is a daemon, it hangs around as long as the GUI is running.
     
  6. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #6
    wow... it works. :eek:

    well, it could be worse... lots worse. i guess we can be expecting a security update any day now?
     

Share This Page