Click to Skip Ad
Closing in...
  1. Amazon Gift Card Promotion
    14:41 Deals

    Amazon’s giving away $15 credits, but this is your last chance to get one

  2. Self-Emptying Robot Vacuum
    16:11 Deals

    Amazon coupon slashes our favorite self-emptying robot vacuum to its lowest price ever

  3. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: $5 Alexa smart plugs, $110 electric sta…

  4. Amazon Deals
    07:59 Deals

    10 deals you don’t want to miss on Sunday: Rare Nest Thermostat sale, Alexa in your…

  5. Best Sleep Aid Products 2021
    13:11 Deals

    Save $375 on the Amazon find that helps me sleep better than anything else




OS X Lion security flaw allows anyone to change your password

September 19th, 2011 at 3:25 PM

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user. That means typing the command: “dscl localhost -passwd /Search/Users/Roger” will actually prompt you to set a new password for Roger. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access. CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

[Via CNET]

Read




Popular News