Flaw in OS X Lion allows unauthorized password changes

Discussion in 'privacy problems' started by PJC, Sep 20, 2011.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Cracking OS X Lion Passwords - Defence in Depth
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Read about this a few days ago. Pretty silly.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    OSX makes absolutely 0 effort to protect the computer from someone who has physical access to it.

    "You've always had the option of changing the password when you boot from the OS disk. It's an option right in the menu. As long as you have the original system disks, you can always change your password.

    In Lion, the system discs are replaced by the recovery partition, and though the "reset password" option is gone from the menu, you can simply type "resetpassword" in Terminal to bring it up."
     
  5. x942

    x942 Guest

    True, true. And a firmware password would help, but this is another reason to encrypt the HDD/SSD. I mean, even if it's just the built-in FileVault, it's better than nothing.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yet I heard of so many "computer experts" using it. Maybe they like to hack their own OS.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Won't help much with hacking. You'd have to be right at the computer to use this.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not according to the Sophos article.

    Or, am I misunderstanding something?
     
  9. sslaza

    sslaza Registered Member

    Joined:
    Sep 27, 2011
    Posts:
    1
    Kinda. Let's see - If you are "already logged in" then presumably you know the password. huh?

    Typically password change programs force you to re-authenticate, to prevent physical access issues - to ensure that the person changing the password is really the person logged in.

    To use this, the example proof of concept given is someone who first willingly executes a java applet which is a trojan, giving some random remote person full shell access - then this flaw is used to change the password, or better yet, to steal hashes.

    So this is not a good thing, but really IMHO not really remotely exploitable, unless paired with another vulnerability.
    :)
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    WTF? What does that have to do with anything?

    It's not about the user knowing the password to log in. Obviously, if I own my system, I know the bloody password. It's rather about someone else, even remotely, being able to modify the password, without having to know the former password. So, in other words, there's no reauthentication, at all.

    Not the case. You don't have to know the former password to change it. That's the issue.

    Interesting first post, anyway. ;)

    Please, read what other users provided, like the links. I suppose you didn't, because if you did, then you wouldn't post what you posted.

    -edit-

    I'll quote again a paragraph from Sophos article.

    No need to know the existing password, according to this. Unless you can prove them all wrong, of course.
     
  11. x942

    x942 Guest

    It does beg the question: why the hell would I let someone connect via RDP/VNC/SSH? If I let someone on via one of these, I am pretty much SOL anyways. The first two I would have to go out of my way to install/activate; the second is off by default.

    Those are all disabled on my system. (Firewall is set to block everything but necessary protocols)
     