Using Filevault?? Password in plain text...

Encryption passwords exposed by Apple's Lion OS X update. 

In the February Lion OS X 10.7 update, a debug option was apparently left enabled in FileVault, resulting in users’ passwords being saved in plain text in a log file accessible outside the encrypted areas, David Emery, head of Die Consulting, explained in an email to Cryptome.

“Anyone who can read files accessible to group admin can discover the login passwords of any users of legacy (pre-Lion) FileVault home directories who have logged in since the upgrade to 10.7.3 in early February 2012”, Emery said.

 

Simply execute in terminal to see for yourself...we did this with one of our own systems at High Desert Technology and sure enough there it was.  

 

grep yourpassword /var/log/*

 

This was brought to Apples attention in February when first discovered..it is just now making bigger news after still being an issue..APPLE??

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed

 
NON-MANAGED=REACTIVE
MANAGED=PROACTIVE
 
 

ourprivacy.org

US-CERT Latest Warnings

Latest US-CERT Released Warnings