Bugged: Apple OSX Storing Passwords In Plain Text
0Overall Score

Apple’s recent OS X Lion suffers from a security flaw that exposes passwords in plain text.

An Apple programmer has accidentally left a debug flag in OS X Lion software which can cause passwords to appear in plain text debug log files.

Apple customers who use encryption software FileVault prior to the 10.7.3 build will be affected, with Mashable reporting those who have upgraded to FileVault 2 are not.

Apple hasn’t issued a fix yet, so changing your passwords won’t help seeing as they’ll end up in an insecure debug file too.

The flaw was spotted by David Emery, a security researcher, and enables anyone with a computer’s admin password to retrieve other user’s credentials.

“This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for,” claims Emery.