OS X Lion security flaw allows anyone to change your password
by Volker Weber
Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion.
Comments
CNet and BGR seem to quote the original article partly wrong, as heise.de states in http://www.heise.de/newsticker/meldung/Mac-OS-X-Lion-macht-es-Passwortknackern-unnoetig-leicht-1345451.html
You can only change the password of the user executing the command, not the passwords of other users. If you try to change the password of another user via dscl, it prompts for the other user's password after asking for the new password. Try it yourself.
Good point, thanks!
Lion is increasingly being referred to as 'Apple's Vista' - security issues, memory leaks, incompatibilities and slowdowns aplenty. Which is a very apposite comparison, and ought to be of concern to Apple.