Mac OS X Lion Passwords Are Super-Easy To Hack By Any Local User

You're constantly hearing about how you need to make sure to use a secure password, but what are you supposed to do if a hacker can just change your password without even cracking it? That's what users with physical access to your computer can do on OS X Lion right now.

A similar issue in previous versions of OS X allowed Admin users to access the "shadow files" that store OS X passwords, but in Lion, non-Admin users can access the hash and salt data for passwords, which shouldn't be possible. But that's not all — it seems Directory Services in Lion don't require authentication when requesting a password change for the current user, so even if the encrypted hashes aren't cracked, the password can still be changed.

CNET's got a detailed list of ways to lock down your system until Apple releases a patch, but for now, like disabling auto-log-in, enabling sleep and screensaver passwords, and disabling guest accounts; but the long and short of it is that anyone with physical access to a Mac running Lion can access and change your password relatively easily. So be careful with that, eh? [Defence in Depth via CNET via Techmeme]


Comments

    So apple computers are more secure?

    HA!

    i love apple users, they are so dumb :)

      I think you missed the bit where an Apple user came in here and said Apple computers are more secure..
      Unnecessary attacking and a gold star for "How to be a commenting moron."

        Mr. Joel, let me quote something from the article:

        "non-Admin users can access the hash and salt data for passwords"

        that is ALL anyone needs to bruteforce your password.

        so, no Apple computers are NOT more secure then ANY other OS out there, in fact, they are the least secure.

        And lets face it, when someone chooses form over function, then yes, they are an idiot.

        However ill take that gold star from you, and give it back as the award for "not understanding my comment, or the article, or even the purpose of life"

        it is a pretty big award, do you think you can handle it?

          LOL I'm the one that doesn't understand?
          Where.. please.. show me where I said that Apple computers are the most secure.
          And the argument of "form over function" doesn't stand, as my mac functions EXACTLY the way I wish it to, which, at the end of the day, is the main thing and personal choice.
          Go away and stop trying to troll, because I'm the one getting the lulz.

            no, your Mac does not function the way YOU want it to, it functions the way APPLE want it to. That is the philosophical difference between Apple and everyone else, and the number one reason why i dont like them.

            Also, you did not say they were the most secure, but everyone knows that Apple like to say (in their advertising) that their systems are the most secure.

            Finally, you ask me to go away, yet state that you are enjoying my comments...so...you dont want to enjoy them? i.e. you wish to not be happy?

            strange logic only an Apple user could understand.

              Stop being an illogical fanboy, all he did was ask you to point something out and you went on a tangent. Dust the cheetos crumbs out of your necked and go outside.

              I'm pretty sure I know how I'd like my computer to function, having owned both mac and windows, my mac happens to do everything I need it to. No, this is not the same for everyone. Thus being personal preference.

              Also whether Apple advertises that or not, it's an advertisement, and since when do people believe them anyway? We're talking about users not advertising.

              And although I do enjoy your comments, I'm tired of Apple haters whining and trolling so generally I'd prefer to not read them and get my joys from a better source.

              Mine actually does function the way I want it to. Since the OS is actually powerful enough to let you modify the OS in what ever way you see fit. And, as long as you know what you are doing, will have no problems.

              Also PC people are always so angry.

              Mac people are a little smarter & relaxed.

              Ever wondered why?

                I don't know, maybe because we're sick of pompous Mac users trotting around the internet with a false sense of pride over a computer that is obviously flawed in the most simple areas. So excuse us for trying to enjoy this international café wildest sitting next to a bunch of snobs.

        DK is referring to the common belief held by almost all OSX users that their pc is impenetrable and immune to any malware or viruses, hence they believe they are using the safest OS, which as proved by this article, is not the case.

        Perhaps everybody should just cheer up?

          That is a very dated view.. I have not met any mac user that still believes that. Anyone that does still believe that is, indeed, dumb, but that is a very small percentage so to generalise is wrong.

      It is still achievable even with those tweaks. Any Operating System can be owned if someone has physical access. BIOS passwords and disk encryption would be more useful in this case

      Dude, take a deep breath and calm down. Some people use a computer system you don't. I'm sure you can find a way to get past this and live your life.

      Give me your windows computer and ill hack into your account for ya. It's possible on any OS, just easier on mac, which im sure apple will fix.

      Thats only using the default security, you can set it up so there are no guest users, only your account, and as well as that mine auto-logs out after 10 minutes of inactivity, then again haters gonna hate and well .... your troll was very obvious :)

    *insert fanboy rant here*

      *insert counter fanboy rant on how my preferred operating system is superior to yours*

    Physical access is enough to own pretty much any desktop PC - this isn't a security vulnerability in OS X.

    Unprivileged users being able to recover password hash+salts for other users however is definitely a huge bug if true.

    Jayzuz christ the douche level is high in this thread isn't it? DK and Joel should just get it over with and have sweaty nerd virgin sex already

      How do you have "virgin sex"?

        Both parties require WoW characters.

          Zing! Round of applause for Matt. He's here all week. Try the veal.

    I'm increasingly dismayed and baffled by Lion.

    If I had physical access to your computer, the best thing I'd do is remove the harddrive and clone it to get access to all the data. its by far the easiest considering if someone was stupid enough to leave their computer unsecured, then they would be stupid and won't encrypt any of their data.

    btw Matt wins for the explanation to "virgin sex", and Joel and DK are worse than a youtube comments section, I'm surprised neither started with "FIRST!!!1!!!11!!!!"

      Sorry, I just can't let misinformed, big headed comments go without making them look bad.. which I did.. so win?

        Anyone with physical access can change the password of a user account from the Lion Recovery Partition, using the Password Reset utility which can be accessed via Terminal.

        Just like anyone with physical access can change the password of a user account for 10.6, 10.5, 10.4, using the various OS Installer CD's and the Password Reset Utility.

        So who cares?

    The worst thing is Apple are pretty slow at fixing security flaws. i plan to hit software update in 2 weeks.

    I'd just like to say that this article is incorrect; physical access is not required. One could exploit the Lion machine through a remote or client-side browser exploit; change the users' password, and, assuming the user is an administrator, use sudo to escalate to root. In this sense it is a root exploit, and a very dangerous one.

Join the discussion!

Trending Stories Right Now