Apples Lion OS At Risk To Password Vulnerability

  /     /     /  
Publicated : 22/11/2024   Category : security


Apples Lion OS At Risk To Password Vulnerability


Apple OS X 10.7 flaw would enable hacker to change a pair of passwords



A flaw in Apple OS X 10.7, aka Lion, would enable an attacker to change a users system password without having to know the previous password. As a result, an attacker--albeit with physical access to the machine--would be able to change the boot password, as well as the password used by Apples full-disk encryption tool, FileVault2.
The vulnerability appears to stem from a change in Lions security model. Previous versions of OS X--back to 10.4--gave each operating system user a shadow file, or hash database (using SHA512 plus a 4-byte salt)--which could only be accessed by a user with admin-level privileges.
It appears in the redesign of OS X Lions authentication scheme a critical step has been overlooked, according to a blog post from security researcher Patrick Dunstan, who discovered the new password vulnerability. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services. Dunstan has also released a Python script to simplify the password hash cracking process.
Read the full article
here
.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Apples Lion OS At Risk To Password Vulnerability