SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Mac OS X Vendors:   Apple Computer
Mac OS X FileVault Discloses Passwords to Local Users in Certain Cases
SecurityTracker Alert ID:  1027024
SecurityTracker URL:  http://securitytracker.com/id/1027024
CVE Reference:   CVE-2012-0652   (Links to External Site)
Updated:  May 10 2012
Original Entry Date:  May 6 2012
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 10.7.3, in certain cases
Description:   A vulnerability was reported in Mac OS X. A local user can obtain passwords.

On systems that used FileVault encryption prior to OS X Lion (version 10.7.3) and have since been updated to OS X Lion version 10.7.3, user login passwords are stored in a log file in clear text. A local user with root or admin privileges can view the passwords.

FileVault 2 is not affected.

Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, and Paul Nelson reported this vulnerability.

Impact:   A local user with root or admin privileges can obtain user login passwords.
Solution:   The vendor has issued a fix (10.7.4).

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Sun, 06 May 2012 22:56:33 +0000
Subject:  Apple Mac OS X


http://cryptome.org/2012/05/apple-filevault-hole.htm

> Apple Legacy Filevault Hole
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC