Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   OS (UNIX)  >   Apple OS X Vendors:   Apple
Mac OS X FileVault Discloses Passwords to Local Users in Certain Cases
SecurityTracker Alert ID:  1027024
SecurityTracker URL:
CVE Reference:   CVE-2012-0652   (Links to External Site)
Updated:  May 10 2012
Original Entry Date:  May 6 2012
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 10.7.3, in certain cases
Description:   A vulnerability was reported in Mac OS X. A local user can obtain passwords.

On systems that used FileVault encryption prior to OS X Lion (version 10.7.3) and have since been updated to OS X Lion version 10.7.3, user login passwords are stored in a log file in clear text. A local user with root or admin privileges can view the passwords.

FileVault 2 is not affected.

Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, and Paul Nelson reported this vulnerability.

Impact:   A local user with root or admin privileges can obtain user login passwords.
Solution:   The vendor has issued a fix (10.7.4).

The vendor's advisory will be available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2015, LLC