Apple Security Blunder Exposes Lion Login Passwords In Clear Text 205
An anonymous reader writes "An Apple programmer, apparently by accident, left a debug flag open in the most recent version of its Mac OS X operating system. In specific configurations, applying the OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text."
Re:Great (Score:4, Informative)
Re:Really? (Score:5, Informative)
Your login password also unlocks the encryption password for FileVault. The login passwords were apparently logged in a file outside of the encrypted image. (Only for the old pre-lion version of FileVault running under Lion)
Not really (Score:5, Informative)
FTA:
So only certain configurations, and relatively few at that.
Re:Do they have a build process? (Score:5, Informative)
Well I've seen many logging frameworks where debug logging and application logging was simply a different severity level, particularly since you may want crash/debug logs from users. All it takes is one sloppy developer that needed a log output, copy-pasted an application log line instead of a debug log line, because it's only temporary and you're going to take it out right? Both works for him. And then suddenly you end up with debug info in your production logs. I don't see why this would have to be a problem with their build process.
Re:malware (Score:3, Informative)
People who actually want security wouldn't be using an older, and slower, version of FileVault in the latest OS and also ignoring the message telling them to upgrade the FS to the latest version.
Re:malware (Score:5, Informative)
Oh yes, you're right. It sounds like it only impacts people who actually want / need security. So that's OK then.
No, because the people who actually want/need security would have already turned off the legacy FileVault (i.e., the one that only encrypts the user's home directory leaving the system directory where the log file in question is located unprotected) and turned on the new FileVault which encrypts the whole disk, including all system directories. That was one of the few really compelling features of Lion.
BTW, this is a Mac OS X 10.7.3-specific issue. It does not affect users of pre-Lion systems which only have the legacy FileVault option.
Re:Great (Score:5, Informative)
Yes, because having a known md5 hash to transmit in plain text is much more secure than having a known password to submit in plain text.
If you want to do this properly, you use SSL for login (and possibly more) or you implement a secure password exchange protocol (e.g. SRP).
Re:Great (Score:5, Informative)
The hash effectively becomes the password.
Come on now, nobody simply hash the password: you timestamp it and salt it first then hash it. That is how it is done, and you know it. So yes the parent is incorrect, but saying that hashing is useless is misinformation. If you properly hash, a sniffer will be able to use the hash as a password only once. So that is a man in the middle, that sucks but it is not a complete pwnage as you suggest it is.
Re:Great (Score:5, Informative)
Protecting against replay attacks is easy: don't allow two logins to the same account in the same window of time (30s, using Google Authenticator).
Most people won't login twice in 30s anyway, so they aren't affected.
Re:Do they have a build process? (Score:5, Informative)
All your debug flags and compiler flags and build settings etc assume the developers would properly bracket their code under proper #ifdefs .
It's safer to bracket the logging code in #ifdefs:
so that you only have to get it right one time. If you make developers repeat a process 10,000 times and they get it perfect 99.9% of those times, that means it's still screwed up in 10 places.
Re:Great (Score:5, Informative)
In this case, because it is a false allegation. He should read the article he posted (and so should you)