OS X Lion update accidentally outs user passwords in plain text

Discussion in 'macOS' started by MacN3wb, May 6, 2012.

  1. MacN3wb macrumors newbie

    Joined:
    May 6, 2012
    #1
    OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault

    http://www.engadget.com/2012/05/06/o...in-plain-text/

    With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.

    http://www.zdnet.com/blog/security/a...ear-text/11963

    If someone with more knowledge on this could tell us what to do please.
    Cheers

    (I have posted this twice, hopefully in the correct area now)
     
  3. MacN3wb thread starter macrumors newbie

    Joined:
    May 6, 2012
    #3
    https://discussions.apple.com/thread/3715366

    "Re: Network user: plain text PWs in client log?!
    07.05.2012 01:34 (in response to tarwinator)
    I'm not sure if I can support the assumption that this is an error in FileVault.

    I've just tried logging in as a network user in a newly set up and updated Lion VM (VMware Fusion) and run into the same behavior. FileVault was never active on this system.

    Can someone with the following environment please verify:
    - OpenDirectory users with Network Home on AFP
    - Lion (10.7.3) Clients
    - Snow Leopard or Lion Server

    Steps:
    - Set up a new machine, or use one that never had FileVault enabled
    - Log in as an (unprivileged!) network user with a Network Home on an AFP share
    - Log out, log in as an admin user
    - Check "Console" for log messages containing the string "_premountHomedir"

    Please help to get to the bottom of this!"
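
The Console check from the quoted steps above, as an added example that is not part of the thread or of the quoted Apple discussion post: it counts lines containing `_premountHomedir` in the log files passed to it and, going beyond the quoted steps, also reads gzip- and bzip2-compressed rotated copies. It reports counts only, so a matching line's contents are never printed again. The log file paths, the compressed-rotation assumption and the sample lines are constructed for illustration and do not come from the thread.

```python
import bz2
import gzip
import sys
import tempfile
from pathlib import Path

MARKER = b"_premountHomedir"  # the string the quoted steps say to look for
OPENERS = {".gz": gzip.open, ".bz2": bz2.open}  # assumed rotation formats
# Constructed sample lines; not real log output (the real format is not shown here).
SAMPLE = (b"May  6 10:00:01 host example[1]: session opened\n"
          b"May  6 10:00:02 host example[1]: _premountHomedir CONSTRUCTED-LINE\n"
          b"May  6 10:05:09 host example[2]: _premountHomedir CONSTRUCTED-LINE\n")


def count_marker_lines(path, marker=MARKER):
    """Count lines containing marker in a plain, .gz or .bz2 log file."""
    opener = OPENERS.get(Path(path).suffix, open)
    with opener(path, "rb") as fh:
        return sum(1 for line in fh if marker in line)


def scan(paths, marker=MARKER):
    """Return {path: hit_count}; counts only, since a hit line may hold a password."""
    hits = {}
    for p in paths:
        try:
            n = count_marker_lines(p, marker)
        except (OSError, EOFError) as exc:  # unreadable file or damaged archive
            print(f"skipped {p}: {exc}", file=sys.stderr)
            continue
        if n:
            hits[str(p)] = n
    return hits


def demo():
    """Run scan() over constructed plain and bz2 files; returns sorted counts."""
    with tempfile.TemporaryDirectory() as d:
        plain, packed, clean = Path(d, "a.log"), Path(d, "a.log.0.bz2"), Path(d, "b.log")
        plain.write_bytes(SAMPLE)
        packed.write_bytes(bz2.compress(SAMPLE))
        clean.write_bytes(b"May  6 10:00:01 host example[1]: nothing here\n")
        return sorted((Path(k).name, v) for k, v in scan([plain, packed, clean]).items())


if __name__ == "__main__":
    # Pass the log files to check, rotated archives included; no arguments runs the demo.
    print(scan(sys.argv[1:]) if len(sys.argv) > 1 else demo())
```

Run it as an admin user over the current log and every rotated or backed-up copy; any file with a non-zero count should be handled as containing credentials.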
     
