A flaw has been discovered on Apple’s Mac OS X Lion platform that allows hackers to change the password of a Mac system.
The flaw, which was discovered by security blog Defence in Depth, allows non-admin users to view password hash data stored in a shadow file and to change passwords at will.
A shadow file is the file that stores a user's password data on a Mac. The flaw won't allow hackers to read the shadow file itself, but they can still view the password hash data via Directory Services.
“It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services,” the blog explained.
Lion also does not ask for authentication when someone tries to change the password(s). A user simply needs to copy and paste ‘$ dscl localhost -passwd /Search/Users/bob’ into the Mac command line, and a dialogue will open asking for a new password.
The flaw should not affect users who are the only users on a Mac, but will be critical for those who work on shared systems.