OS X Lion security flaw allows anyone to change your password

by Volker Weber

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion.

More >

2011-09-20 :: email :: twitter :: qr code

Comments

CNet and BGR seem to quote the original article partly wrong, as heise.de states in http://www.heise.de/newsticker/meldung/Mac-OS-X-Lion-macht-es-Passwortknackern-unnoetig-leicht-1345451.html

You can only change the password of the user executing the command, not the one of passwords from other users. If you try to change the password of another user via dscl it prompts for the other users password after asking for the new password. Try it yourself.

Christian Gut, 2011-09-20

Guter Hinweis, danke!

Volker Weber, 2011-09-20

Lion is increasingly being referred to as 'Apple's Vista' - security issues, memory leaks, incompatibilities and slowdowns aplenty. Which is a very apposite comparison, and ought to be of concern to Apple.

Nick Daisley, 2011-09-22

Old vowe.net archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Paypal vowe