Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Login bypass - major security hole?

B

brodie

macrumors member
Original poster
I have found a major security hole in the switch user option when using screen sharing. At least, on my Mac.

When I screen share my Mac Pro from my MBP, with the screen saver enabled & locked, and select 'change user' it immediately logs me into the active account, without requesting a password.

This is totally bizarre, i haven't tried it on other machines but I can repeat it every time.

Can anyone else replicate it?

Running 10.6.8 on MBP

10.7.2 on flawed Mac Pro.
 
Not reproducible here. Only computers that have credentials saved in Keychain Access auto mount. The others do not, even if I log in, close the window and log in again.
 
Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

It is set to auto mount but as far as I'm aware it shouldn't auto login when screen sharing? Especially in such a 'glitch' way.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back