Apple security flaw exposes passwords in plain text

May 7, 2012

Lion update accidentally reveals stored user passwords.

A recent Mac OS update has revealed a rather embarrassing oversight by an Apple programmer. A debug flag was left enabled, which turns on a debug log file that contains the login password of every user who has logged in to that machine since the update was applied. What’s worse, the passwords are stored in plain text.

This means that anyone with administrator or root access can read the log file, recover the user credentials, and use them to open encrypted user files and folders. The surprising thing is that the flaw isn’t new: it was spotted and reported almost three months ago, but Apple has yet to issue a reply or a possible fix.

The security flaw could be dangerous to businesses that hold confidential information and have relied on Mac OS’s encryption for years. The flaw affects Time Machine backups as well, so if your Mac is stolen or misplaced, the information can be accessed because the Time Machine backup logs will contain the required password.

(via ZDNet)


About

A former IT & Marketing Manager turned full time Editor, Nick enjoys hurling fireballs and tinkering with the latest gadgets. Follow him on Twitter as @theregos
