Mac OS X Lion makes it unnecessarily easy for password crackers - update

    Date: 20 Sep 2011
    Posted By: Alex
    Security specialist Patrick Dunstan reports that Mac OS X 10.7 "Lion" allows standard non-root users to access other users' password hashes. Under Mac OS X, users' password hashes are stored in shadow files that can usually only be accessed by root users. Dunstan said that, with Lion, Apple changed the authentication procedure and introduced a flaw that allows non-root users to read the password hashes from the shadow files via the directory services.

    Using hashes, attackers can establish the original password via an automated brute-force attack. However, depending on password complexity, such an attack may take some time. As the passwords are salted when they are hashed, rainbow table attacks are very time-consuming.
