[Fed-Talk] Lion password weakness
- Subject: [Fed-Talk] Lion password weakness
- From: Todd Heberlein <email@hidden>
- Date: Tue, 20 Sep 2011 09:12:49 -0700
I have not confirmed this yet.
In Lion the permissions for the user's shadow files are still restrictive and prevent tampering; however, the need for direct access can be bypassed because the system holds the password hashes in the system's directory services, which any user can look up. As a result, the hashes can be extracted without needing to supply admin privileges, and then be run through various hacking tools and scripts to recover the user's password.
In addition to being able to extract the password hashes for a user, any user can also directly change another user's password, including those of system admins, merely by supplying the following command in the Terminal (substituting USERNAME for the short name of the target account): dscl localhost -passwd /Search/Users/USERNAME
When run, this command will appear to give an error, but if you enter the same new password at all prompts then the target account's password will be changed. This is particularly notable, because once an admin's password is changed, the hacker can log in as that admin account and have full access to the system.
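For defenders, a detection sketch for the password-change behaviour described in the message above. It is an added example, not part of the original post: the process-execution log format, the sample lines and the function names are constructed assumptions. It flags any `dscl ... -passwd` invocation whose target account differs from the invoking user.

```python
import re
import shlex

# Constructed log format (assumption): <timestamp> user=<short name> cmd="<command line>"
LINE_RE = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

# Constructed sample input, not real telemetry.
SAMPLE_LOG = """\
2011-09-20T09:01:11 user=alice cmd="dscl localhost -passwd /Search/Users/alice"
2011-09-20T09:02:40 user=guest1 cmd="dscl localhost -passwd /Search/Users/admin"
2011-09-20T09:03:05 user=bob cmd="dscl . -read /Users/admin"
2011-09-20T09:04:17 user=guest1 cmd="/usr/bin/dscl localhost -passwd '/Search/Users/admin'"
malformed line without fields
"""

def passwd_target(cmd):
    """Return the account short name targeted by a dscl -passwd call, else None."""
    try:
        argv = shlex.split(cmd)          # handles quoted record paths
    except ValueError:                   # unbalanced quotes: not parseable
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "dscl":
        return None
    if "-passwd" not in argv:
        return None
    i = argv.index("-passwd")
    if i + 1 >= len(argv):               # -passwd with no record path
        return None
    parts = argv[i + 1].strip("/").split("/")
    # Accept any node (/Search, /Local/Default, ...) as long as it ends in Users/<name>
    if len(parts) >= 2 and parts[-2] == "Users":
        return parts[-1]
    return None

def find_cross_account_resets(lines):
    """Return (timestamp, actor, target) for resets aimed at another account."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # skip lines that do not fit the format
        target = passwd_target(m["cmd"])
        if target and target != m["user"]:
            hits.append((m["ts"], m["user"], target))
    return hits

if __name__ == "__main__":
    for ts, actor, target in find_cross_account_resets(SAMPLE_LOG.splitlines()):
        print(f"{ts}: {actor} invoked dscl -passwd against account {target}")
```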