Mac OS X Lion is the eighth and current major release of Mac OS X, Apple’s desktop and server operating system for Macintosh computers. User password hashes are stored on disk in a protected location, the so-called ‘shadow files’, on OS X machines. Those hashes are meant to be modifiable or crackable only by the user concerned, or by someone with full system permissions who has already authenticated.
A recent look into this operating system found that the user password information can easily be breached. The cause is the search access granted to all users on the system’s directory services: any user can reach the shadow data without any authentication requirement. A shadow file contains hashed password(s), which can then be cracked with ordinary password-cracking tools and scripts.
Beyond that, any user is able to change the password of another user with a single Terminal command. That other user may be an administrator, and an administrator password, once acquired by an attacker, gives complete system access. The command below, entered in the Terminal, does it (substitute USERNAME for the short name of the target account):
dscl localhost -passwd /Search/Users/USERNAME
On executing the above command an error is displayed, but if the new password is repeated at each of the prompts that follow, the new password is assigned.
To stay on the safer side and restrict unauthorized access, Lion users can follow the steps below until Apple releases a patch that addresses the problem:
- Disable automatic log-in
- Enable sleep and screensaver passwords
- Disable Guest accounts
- Manage users on the system: enable parental controls on all accounts, turning off any program that has access to the directory services, including the Terminal and X11 (for xterm).
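The first three of those steps can be applied from a script rather than clicked through in System Preferences. The following is an added example, not from the original article or from Apple: a POSIX shell script that turns off automatic login, disables the Guest account and requires a password as soon as the screen saver or sleep kicks in. It assumes the usual Lion preference domains and keys (`/Library/Preferences/com.apple.loginwindow` with `autoLoginUser` and `GuestEnabled`, and the per-user `com.apple.screensaver` domain with `askForPassword` and `askForPasswordDelay`). By default it only prints the `defaults` commands it would run, so it can be reviewed, or executed on a non-Mac host, without changing anything; `APPLY=1` executes them. The parental-controls step stays a System Preferences task.

```shell
#!/bin/sh
# Added example (not from the original article): apply the Lion hardening
# steps that map onto loginwindow / screensaver preferences.
# Assumption: the preference domains and keys below are the ones OS X 10.7
# uses for these settings. Preview by default; APPLY=1 runs the commands.

# Run a command when APPLY=1, otherwise print it so the caller can review it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Step 1: automatic log-in. The autoLoginUser key is only present while the
# feature is on, so deleting the key disables it; a missing key is not an error.
disable_auto_login() {
    run sudo defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true
}

# Step 2: require a password immediately when waking from sleep / screen saver.
# This is a per-user setting, so it runs as the logged-in user, not via sudo.
require_wake_password() {
    run defaults write com.apple.screensaver askForPassword -int 1
    run defaults write com.apple.screensaver askForPasswordDelay -int 0
}

# Step 3: the Guest account (system-wide setting, needs sudo when applied).
disable_guest_account() {
    run sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool false
}

# Apply (or preview) all three steps; returns the output of each in order.
harden_lion() {
    disable_auto_login
    require_wake_password
    disable_guest_account
}

harden_lion
```

With no arguments the script prints four `defaults` invocations and touches nothing; after checking them, `APPLY=1 sh harden_lion.sh` performs the changes (the two `/Library/Preferences` writes prompt for an administrator password through `sudo`). Log out and back in, or restart, for the loginwindow settings to take effect.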