I've submitted this as a bug report to Apple and Sophos. Sophos replied
saying they were "investigating as to whether there are ways in which we can
change our MacAPI calls" to remedy the problem. In short, here's what it
boils down to: complete cleartext credentials are shown to any user via the
mount command (possibly in other places) when a Sophos client connects via
SMB to the Sophos Enterprise server for updates.
You will see something similar to the following:
//<user>:<yourpasswordincleartext>@<server>;<user>@<server>/INTERCHK on
/Volumes/InterChk
Not terribly good. While the credentials are only displayed during the smb
interaction (a very brief period), it is rather easy to find them by
accident, or even easier to find them on purpose. Additionally, the
credentials are in all caps, which isn't quite the original password, but
it's more than enough for anyone who cares to use it for malicious purposes.
This was just an FYI for all the Sophos admins out there. I'm not sure if
this is a bug with Apple or Sophos, but the more feedback they get, the
more likely they are to fix it.
Geoff Franks
Sr. Systems Administrator
Hauptman-Woodward Institute
email@hidden
Macos-x-server mailing list (email@hidden)
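As an added example (not part of Geoff's post, and not Sophos or Apple tooling), here is a small shell check an admin could run against mount(8) output to catch SMB mounts whose device spec embeds a password in the //user:password@host form described above. The sample mount output is constructed to mirror the shape quoted in the post; the account name, password, host and mount point are placeholders, not real values. The password in the sample is uppercase only to reflect the post's observation that the leaked credentials appear in all caps.

```shell
#!/bin/sh
# Added example: scan mount(8) output for SMB mounts whose source is of the
# form //user:password@host/share, as seen in the post. The password is masked
# in the report so the check does not re-leak it. Replace SAMPLE_MOUNT_OUTPUT
# with "$(mount)" to run it live on a Mac.

# Constructed sample, shaped like macOS mount output (placeholders, not real).
SAMPLE_MOUNT_OUTPUT='/dev/disk0s2 on / (hfs, local, journaled)
//SOPHOSUPDATE:S3CRET@updates.example.org;SOPHOSUPDATE@updates.example.org/INTERCHK on /Volumes/InterChk (smbfs, nodev, nosuid, mounted by geoff)
//guest@fileserver.example.org/Public on /Volumes/Public (smbfs, nodev, nosuid, mounted by geoff)'

# find_leaked_creds MOUNT_OUTPUT
# Prints one line per offending mount: "<user> <mountpoint> <masked password>".
# A mount that only carries a user name (//user@host/share) is not reported,
# since no secret is exposed there.
find_leaked_creds() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^\/\/[^\/@:]+:[^@\/]+@/ {
            src = $1
            # everything between the leading "//" and the first "@" is user:password
            at = index(src, "@")
            userpass = substr(src, 3, at - 3)
            colon = index(userpass, ":")
            user = substr(userpass, 1, colon - 1)
            pass = substr(userpass, colon + 1)
            # the mount point follows the literal word "on"
            mountpoint = ""
            for (i = 1; i <= NF; i++) if ($i == "on") mountpoint = $(i + 1)
            printf "%s %s %s\n", user, mountpoint, substr(pass, 1, 1) "****"
        }'
}

# count_leaked_creds MOUNT_OUTPUT
# Number of offending mounts; handy as a monitoring check (non-zero means leak).
count_leaked_creds() {
    find_leaked_creds "$1" | grep -c . || true
}

find_leaked_creds "$SAMPLE_MOUNT_OUTPUT"
```

Because the exposure window is only the duration of the update fetch, a one-off run will usually come up empty; a cron or launchd job that polls `mount` every few seconds around the scheduled update time is more likely to catch it, and the masked report is safe to forward to Sophos or Apple as evidence.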