ID: IRCNE2011091258
Date: 2011-09-21
According to "itpro", A flaw in Apple’s new OS lets those with access to a Mac running Lion change passwords without knowing the user’s login details, a researcher has claimed.
In previous versions of the Apple OS, users wanting to change passwords had to enter their login information before making alterations.
Why crack hashes when you can just change the password directly?” Dunstan said. “It appears Directory Services in Lion no longer requires authentication when requesting a password change for the current user.”
Dunstan also claimed it was possible to access other users’ password hashes and therefore steal their login information.
At the time of publication, Apple had not responded to a request for comment on the alleged vulnerability.
- 2