Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OS X Lion update accidentally outs user passwords in plain text,

M

MacN3wb

macrumors newbie
Original poster
May 6, 2012
9
0
OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault

http://www.engadget.com/2012/05/06/o...in-plain-text/

With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.

http://www.zdnet.com/blog/security/a...ear-text/11963

If someone with more knowledge on this could tell us what to do please.
Cheers

(I have posted this twice, hopefully in the correct area now)
 
https://discussions.apple.com/thread/3715366

"Re: Network user: plain text PWs in client log?!
07.05.2012 01:34 (in response to tarwinator)
I'm not sure if I can support the assumption that this is an error in filevault.

I've just tried logging in as an network user in an newly setup and updated Lion VM (VMware Fusion) and run into the same behavior. Filevault was never active on this system.

Can someone with the following environment please verify:
- OpenDirectory users with Network Home on AFP
- Lion (10.7.3) Clients
- Snow Leopard or Lion Server

Steps:
- Setup a new machine, or use one that never had filevault enabled
- Login as a (unprivileged!) network user with a Network Home on an AFP share
- logout, login as an admin user
- Check "Console" for log messages containing the string "_premountHomedir"

Please help to get to the bottom of this!"
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back