Mac OS X Lion Passwords Are Super-Easy To Hack By Any Local User

You’re constantly hearing about how you need to make sure to use a secure password, but what are you supposed to do if a hacker can just change your password without even cracking it? That’s what users with physical access to your computer can do on OS X Lion right now.

A similar issue in previous versions of OS X allowed Admin users to access the “shadow files” that store OS X passwords, but in Lion, non-Admin users can access the hash and salt data for passwords, which shouldn’t be possible. But that’s not all — it seems Directory Services in Lion don’t require authentication when requesting a password change for the current user, so even if the encrypted hashes aren’t cracked, the password can still be changed.

CNET’s got a detailed list of ways to lock down your system until Apple releases a patch, like disabling auto-log-in, enabling sleep and screensaver passwords, and disabling guest accounts, but the long and short of it is that anyone with physical access to a Mac running Lion can access and change your password relatively easily. So be careful with that, eh? [Defence in Depth via CNET via Techmeme]
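
To check where a Mac stands on the three settings named above, here is a small shell audit, added as an example and not taken from the article or from CNET's list. The preference domains and keys are assumptions about a standard macOS install, and `classify`, `read_pref` and `audit` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit the three local-access settings the article lists.
# Assumption: standard macOS preference domains and keys; check your OS version.

LOGINWINDOW=/Library/Preferences/com.apple.loginwindow

# classify SETTING VALUE: print "ok" or "weak" for a raw `defaults read` value
# (VALUE is empty when the key is not set).
classify() {
    case "$1" in
        autologin)   # any autoLoginUser value means a user is logged in at boot
            if [ -z "$2" ]; then echo ok; else echo weak; fi ;;
        guest)       # GuestEnabled = 1 means the guest account is on
            if [ "$2" = "1" ]; then echo weak; else echo ok; fi ;;
        screenlock)  # askForPassword = 1 means a password is needed on wake
            if [ "$2" = "1" ]; then echo ok; else echo weak; fi ;;
        *) echo unknown ;;
    esac
}

# read_pref DOMAIN KEY: print the value, or nothing if the key is absent.
read_pref() {
    defaults read "$1" "$2" 2>/dev/null || true
}

# audit: print one line per setting for this machine and the current user
# (the screensaver preference is per user, so run it as the account you care about).
audit() {
    printf 'auto-login disabled:      %s\n' \
        "$(classify autologin "$(read_pref "$LOGINWINDOW" autoLoginUser)")"
    printf 'guest account disabled:   %s\n' \
        "$(classify guest "$(read_pref "$LOGINWINDOW" GuestEnabled)")"
    printf 'wake/screensaver password: %s\n' \
        "$(classify screenlock "$(read_pref com.apple.screensaver askForPassword)")"
}

# Only run the audit where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit
fi
```

These settings only limit walk-up access to a logged-in session; they do not change how Lion handles the hash data or the password-change request.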