• Welcome to the Off-Topic/Schweb's Lounge

    In addition to the Mac-Forums Community Guidelines, there are a few things you should pay attention to while in The Lounge.

    Lounge Rules
    • If your post belongs in a different forum, please post it there.
    • While this area is for off-topic conversations, that doesn't mean that every conversation will be permitted. The moderators will, at their sole discretion, close or delete any threads which do not serve a beneficial purpose to the community.

    Understand that while The Lounge is here as a place to relax and discuss random topics, that doesn't mean we will allow any topic. Topics which are inflammatory, hurtful, or otherwise clash with our Mac-Forums Community Guidelines will be removed.

Security Alert! No security in 10.5 because of Hidden accounts

Joined
Apr 28, 2008
Messages
3
Reaction score
0
Points
1
There is a widely distributed script to create hidden accounts on 10.5. The script uses the account name "easter" with the password "easter". I found on one of my computers that I can log in by selecting "other" in the log in window and then using this account name and password. This is apparently on some public computers as well. This is an admin account.

It is possible to create these hidden accounts in 10.5 (10.4.11 and later) These accounts can not be deleted. This gives the person who creates it or is aware of it, complete control of the computer. They are able to change passwords and access anything on the computer. No account, no information is secure except in file vault.

In previous versions, only accounts numbered below 500 were invisible. These could be seen in the accounts list in terminal and deleted.
Does any one have any ideas on how to detect and delete them?
 
Joined
Jan 12, 2008
Messages
1,760
Reaction score
23
Points
38
Location
Leicester, England
Your Mac's Specs
MacBook, iPod Classic, 8GB 3G iPhone, Time Capsule
Sorry, that was extremely rude of me...
 
Joined
Oct 27, 2006
Messages
897
Reaction score
31
Points
28
Where did you run across these widely distributed scripts? And as skaheadpunk so eloquently points out, there is a bit of difference between 10.4.11 and 10.5 especially the entire NetInfo database that keeps track of user accounts.
 
Joined
Oct 22, 2007
Messages
8,967
Reaction score
287
Points
83
Location
London
Your Mac's Specs
Mac Mini Core i7 2012 | White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
I cannot find anything to back-up this idea, and have done a search

You can apparently create a hidden user account but you would have to run a script yourself, which would make you pretty dumb.

I found a link to a script, but will not post it on to here since it is of no real use to anybody, apart from criminals and the paranoid
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
I also found the script louishen is talking about. I do not see it as a backdoor or hack. How would a so called attacker get this into my system to hack me? If I let a person use my system? No one from the outside could do this so what is the issue?
 
Joined
Oct 10, 2004
Messages
10,345
Reaction score
597
Points
113
Location
Margaritaville
Your Mac's Specs
3.4 Ghz i7 MacBook Pro (2015), iPad Pro (2014), iPhone Xs Max. Apple TV 4K
You can get rid of it by reformatting your drive and reinstalling OSX.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top