Login bypass - major security hole?

Discussion in 'Mac OS X Lion (10.7)' started by brodie, Jan 2, 2012.

  1. brodie macrumors member

    Mar 17, 2007
    I have found a major security hole in the switch user option when using screen sharing. At least, on my Mac.

    When I screen share my Mac Pro from my MBP, with the screen saver enabled & locked, and select 'change user' it immediately logs me into the active account, without requesting a password.

    This is totally bizarre, i haven't tried it on other machines but I can repeat it every time.

    Can anyone else replicate it?

    Running 10.6.8 on MBP

    10.7.2 on flawed Mac Pro.
  2. Darby67 macrumors 6502

    Jul 5, 2011
    the corner of Fire and Brimstone
    Not reproducible here. Only computers that have credentials saved in Keychain Access auto mount. The others do not, even if I log in, close the window and log in again.
  3. brodie thread starter macrumors member

    Mar 17, 2007
    Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

    It is set to auto mount but as far as I'm aware it shouldn't auto login when screen sharing? Especially in such a 'glitch' way.

Share This Page