[Mac-admin] Mac OS X Directory Services Lets Local Users View User Password Hashes
Robert Lukens
rlukens at jlab.org
Tue Sep 20 10:39:17 EDT 2011
FYI.
Here is DOE-CIRC's notice regarding the password exposure vulnerability
in Mac OS X Lion (10.7).
> http://www.doecirc.energy.gov/bulletins/t-721.shtml
No patch is available yet. Some mitigations are described in this
'MacFixIt' article:
> http://reviews.cnet.com/8301-13727_7-20108261-263/os-x-lion-passwords-can-be-changed-by-any-local-user/
Bob
--
Robert J. Lukens Jefferson Lab
Computer Security Manager 12000 Jefferson Ave - Suite #7
Newport News VA 23606
rlukens at jlab.org 757-269-6376 USA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : https://mailman.jlab.org/pipermail/mac-admin/attachments/20110920/376a274d/attachment.bin
More information about the Mac-admin
mailing list