Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3 - ehMac.ca
Facebook
Twitter
YouTube
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Reply
 
LinkBack Thread Tools Display Modes
Old May 7th, 2012, 11:31 AM   #1
Seriously?
 
Joker Eh's Avatar
 
Join Date: Jan 2008
Location: Markham - Soon to be Mississauga, Ontario
Posts: 3,708
Exclamation Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3
Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3 - Mac Rumors
Quote:
ZDNet reports on the discovery of a significant breach of password security for certain users of Apple's FileVault encryption system under OS X Lion. Affected systems currently store the login information for every recent user of the machine in plain text, allowing for easy circumvention of encryption.

In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.

Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.
The issue was noted last Friday by David Emery on the Cryptome mailing list.

This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.

Emery also offers some suggestions for dealing with the issue, including turning on FileVault 2 and setting a firmware password on the machine in question.

The issue was actually first noted in the Apple discussion forums back on February 6, just days after OS X 10.7.3 was released to the public. That poster now notes that the issue may extend further than just the specific FileVault situation outlines by others, as he notes that he has experienced the same behavior on an OS X Lion virtual machine through VMware Fusion, without FileVault ever having been active on the installation. Consequently, the extent of the issue may not yet be fully known.

Apple has yet to offer any response to the issue, although it is unclear when the company became aware of it. Apple touts the security features of OS X Lion in its promotional materials for the operating system, with a focus on FileVault as an important component of that security, and it seems likely that the company will move as quickly as possible to investigate and fix the issue.
Joker Eh is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
OS X Dictionary - adding dictionaries? CubaMark Mac, iPhone, iPad and iPod Help & Troubleshooting 2 Sep 16th, 2007 11:19 PM
The iBook, OS 9, and X mr.steevo Mac, iPhone, iPad and iPod Help & Troubleshooting 5 Nov 6th, 2005 04:18 PM
Another security hole in OS X Macaholic Anything Mac 3 Nov 29th, 2003 10:19 AM
In moving to OS X... csonni Anything Mac 4 Jan 18th, 2003 09:28 AM


All times are GMT -4. The time now is 03:19 PM.

Contact Us - ehMac.ca: Canada's Mac, iPod and iPhone Community! - Archive - Privacy Statement - Top


Copyright © 1999 - 2012, ehMac.ca All rights reserved. ehMac is not affiliated with Apple Inc. Mac, iPod, iTunes, iPhone, Apple TV are trademarks of Apple Inc. Content Relevant URLs by vBSEO 3.6.0 RC 2

Tribe.ca: Urban living in Toronto!