Apple update exposes Lion login passwords in clear text


OneMoreThing...

 

Quote:
OS X 10.7.3 contains a debug flag which makes system passwords readable, checks show. Depending on the system configuration, people who update to v10.7.3 may have a widely-viewable debug log file containing passwords for all users accessing a system. The passwords are stored in plain text, making for a potentially serious security risk....


vansmith

 
Does anyone actually know what file these passwords are stored in? I've read this story a few times and each and every one neglects to mention the path and name of the file.

cptkrf

 
The reports are somewhat ambiguous and quote each other in an endless loop - in fact, most reports are just cut and paste from somewhere else. But from what I can see, it only affects a certain subset of machines using filevault, and then only a filevault from an older install of Snow Leopard.

I have grepped every log file, including everything in the huge DiagnosticMessage folder, on my machine (after a fresh login) and I find no tracks of a password in the log files.

Then I grepped the entire log folder itself for my password and nothing was found.

Still looking, but it appears that just a vanilla install of Lion (or SL) doesn't have the problem.


Later edit.

Ok. The problem is only for filevault users who have upgraded to Lion, although the common press is yelling that OSX is an open door for anybody to enter.

By the way, for Unix/Linux guys and gals, OSX keeps two active log folders...

/var/log the usual place
username/Library/Logs the unusual place
vansmith

 
I found it - it's a log in /var/logs. More specifically, it's /var/logs/secure.log (source, source). That wasn't the easiest to find though.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Personal Twitter
QUOTE Thanks
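The check described in the posts above (searching the log folders for your own password), written as an added example that is not part of any post in this thread. The function names are hypothetical, and the default search roots are the two log folders named in the thread; it also reads compressed rotated logs and reports whether each hit is readable by other local users.

```shell
#!/bin/sh
# Added example, not from the thread: list log files that contain a given
# secret in clear text, and whether other local users could read them.
# Assumed search roots are the two log folders named in the thread.

# world_readable FILE -> exit 0 if the "other" read bit is set.
world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# find_secret_in_logs SECRET DIR...
# Prints "<world-readable|restricted> <path>" for every file containing SECRET.
# SECRET reaches awk through the environment, not argv, so it does not appear
# in other users' process listings; index() is a literal substring match, so
# regex characters in the password need no escaping.
find_secret_in_logs() {
    secret=$1; shift
    [ -n "$secret" ] || return 2        # refuse an empty search string
    for dir in "$@"; do
        if [ -d "$dir" ]; then find "$dir" -type f 2>/dev/null; fi
    done | while IFS= read -r f; do
        case $f in                      # rotated logs are often compressed
            *.gz)  reader='gzip -dc'  ;;
            *.bz2) reader='bzip2 -dc' ;;
            *)     reader='cat'       ;;
        esac
        if $reader -- "$f" 2>/dev/null | SECRET=$secret awk '
               index($0, ENVIRON["SECRET"]) { found = 1; exit }
               END { exit !found }'; then
            if world_readable "$f"; then perm=world-readable; else perm=restricted; fi
            printf '%s %s\n' "$perm" "$f"
        fi
    done
}

# Interactive use: sh scan.sh --scan   (run with sudo to cover root-only logs)
if [ "${1:-}" = "--scan" ]; then
    printf 'Password to search for (not echoed): ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    find_secret_in_logs "$pw" /var/log "$HOME/Library/Logs"
    unset pw
fi
```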
