Login bypass - major security hole?

Discussion in 'Mac OS X Lion (10.7)' started by brodie, Jan 2, 2012.

  1. brodie macrumors member

    Joined:
    Mar 17, 2007
    #1
    I have found a major security hole in the switch user option when using screen sharing. At least, on my Mac.

    When I screen share my Mac Pro from my MBP, with the screen saver enabled & locked, and select 'change user' it immediately logs me into the active account, without requesting a password.

    This is totally bizarre. I haven't tried it on other machines, but I can repeat it every time.

    Can anyone else replicate it?

    Running 10.6.8 on MBP

    10.7.2 on flawed Mac Pro.
     
  2. Darby67 macrumors 6502

    Joined:
    Jul 5, 2011
    Location:
    the corner of Fire and Brimstone
    #2
    Not reproducible here. Only computers that have credentials saved in Keychain Access auto mount. The others do not, even if I log in, close the window and log in again.
     
  3. brodie thread starter macrumors member

    Joined:
    Mar 17, 2007
    #3

    It is set to auto mount but as far as I'm aware it shouldn't auto login when screen sharing? Especially in such a 'glitch' way.
     
