Results 1 to 4 of 4
  1. #1

    OneMoreThing...'s Avatar
    Member Since
    Mar 30, 2005
    Posts
    2,717
    Post Apple update exposes Lion login passwords in clear text
    Apple update exposes Lion login passwords in clear text

    OS X 10.7.3 contains a debug flag which makes system passwords readable, checks show. Depending on the system configuration, people who update to v10.7.3 may have a widely-viewable debug log file containing passwords for all users accessing a system. The passwords are stored in plain text, making for a potentially serious security risk....


    Read more

  2. #2

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    Does anyone actually know what file these passwords are stored in? I've read this story a few times and each and every one neglects to mention the path and name of the file.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  3. #3

    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    The reports are somewhat ambiguous and quote each other in an endless loop - in fact, most reports are just cut and paste from somewhere else. But from what I can see, it only affects a certain subset of machines using filevault, and then only a filevault from an older install of Snow Leopard.

    I have grepped every log file, including everything in the huge DiagnosticMessage folder, on my machine (after a fresh login) and I find no tracks of a password in the log files.

    Then I grepped the entire log folder itself for my password and nothing was found.

    Still looking, but it appears that just a vanilla install of Lion (or SL) doesn't have the problem.


    Later edit.

    Ok. The problem is only for filevault uses who have upgraded to Lion, although the common press is yelling that OSX is an open door for anybody to enter.

    By the way, for Unix/Linux guys and gals, OSX keeps two active log folders...

    /var/log the usual place
    username/Library/Logs the unusual place

  4. #4

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    I found it - it's a log in /var/logs. More specifically, it's /var/logs/secure.log (source, source). That wasn't the easiest to find though.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Vulnerability exposes Apple MacBook batteries to 'bricking,' malware
    By OneMoreThing... in forum Apple Rumors and Reports
    Replies: 1
    Last Post: 07-23-2011, 11:57 AM
  2. passwords and login names
    By mbohn in forum OS X - Operating System
    Replies: 1
    Last Post: 10-13-2009, 06:48 PM
  3. changed passwords, still can't login
    By youdin in forum OS X - Operating System
    Replies: 4
    Last Post: 03-15-2009, 06:42 AM
  4. Login / Passwords Disaster
    By agb in forum OS X - Apps and Games
    Replies: 9
    Last Post: 04-04-2008, 02:29 PM
  5. Login's and passwords are not remembered
    By Suzie68 in forum Switcher Hangout
    Replies: 25
    Last Post: 07-28-2007, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •