Aussie Researcher Cracks OS X Lion Passwords
daria42 writes "Thought your Mac was secure running Apple's latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous versions of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this."
Re:Not really cracking the passwords. (Score:5, Interesting)
But your basic point is right...he's figured out a way to capture hash/salt data, which he still should not be able to do. Since Lion uses SHA-256 hashes for its shadow file, that cracking attempt is still going to be quite difficult.
The more important part of this article is that under some circumstances, you can change the password of the logged in user without entering the current password. Now, *that* is a big deal (the degree of which is subject to valid debate).
Re:Extremely Serious (Score:3, Interesting)
Password reset doesn't work for my OS X installation. . .
$ dscl localhost -passwd
New Password:
Permission denied. Please enter user's old password:
passwd: DS error: eDSAuthFailed
DS Error: -14090 (eDSAuthFailed)
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.7.1
BuildVersion: 11B26
Changing password without any challenge (Score:5, Interesting)
While it's possible... (Score:5, Interesting)
Either it's already been patched, as I'm running the developer builds of 10.7.2, or there's an issue in his particular setup vs. a normal install that's allowing this to happen.
Stepping through the information on his own blog at: http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html [defenceindepth.net]
When performing his "dscl localhost -read /Search/Users/" I do NOT get the dsAttrTypeNative:ShadowHashData result UNLESS I have root privileges through sudo. Not even for my own user.
Re:Interesting contrast I notice here (Score:5, Interesting)
What's interesting is how every time Apple screws something up or does something unpopular, some clever guy pops in to post the requisite "now if this were Microsoft, you'd all be up in arms" post. Never mind the same comment has been posted eleventy billion times before on this blog for more than 10 years.
Case in point: the iCon 'book banning' story [slashdot.org] from 6 1/2 years ago, where publishing house Wiley had their books pulled after they wrote what Jobs obviously viewed as an unflattering biography:
Or:
Never mind the many highly rated comments suggesting Jobs back off [slashdot.org], recounting how Jobs screwed Woz [slashdot.org] over a petty amount of money, or calling Jobs an unbelievable asshole [slashdot.org].
So clever.