A flaw in Apple's new OS lets those with access to a Mac running Lion change passwords without knowing the user's login details, a researcher has claimed.
In previous versions of the Apple OS, users wanting to change passwords had to enter their login information before making alterations.
Why crack hashes when you can just change the password directly?
Now that step is not needed, thanks to insecure permissions in the Mac OS X Lion's local directory service, researcher Patrick Dunstan said, writing on the Defense in Depth blog.
"Why crack hashes when you can just change the password directly?" Dunstan said. "It appears Directory Services in Lion no longer requires authentication when requesting a password change for the current user."
Dunstan also claimed it was possible to access other users' password hashes and therefore steal their login information.
In previous versions of Mac OS X, only those with root access were allowed to view so-called shadow files, which contain hashes and salts used to encrypt passwords.
Although non-root users cannot access the shadow file directly, they can still gain access to information in it by extracting data from the directory services on the OS. All that needs to be done is type in the right command into Terminal to get that information, the researcher claimed.
"The interesting thing about this? Root privileges are not required," Dunstan added. "All users on the system, regardless of privilege, have the ability to access the ShadowHashData attribute from any other user's profile."
A brute force attack could be used to crack passwords once the hash and salt are acquired.
Comments on the blog showed some claiming to have exploited the flaw successfully, whilst others were unable to do so.
At the time of publication, Apple had not responded to a request for comment on the alleged vulnerability.
-
Manufacturers report millions in losses as downtime wreaks havoc on operationsNews UK manufacturers are losing up to £736 million every week due to downtime, according to new research, with outages lasting for several days on end.
-
Microsoft gives OpenAI restructuring plans the green lightNews The deal removes fundraising constraints and modifies Microsoft's rights to use OpenAI models and products
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Passwords are a problem: why device-bound passkeys can be the future of secure authenticationIndustry insights AI-driven cyberthreats demand a passwordless future…
-
LastPass just launched a tool to help security teams keep tabs on shadow IT risksNews Companies need to know what apps their employees are using, so LastPass made a browser extension to help
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?
News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
The NCSC wants you to start using password managers and passkeys – here’s how to choose the best options
News New guidance from the NCSC recommends using passkeys and password managers – but how can you choose the best option? ITPro has you covered.
