Results 1 to 3 of 3
Discuss MAC SECURITY ISSUE! all passwords in cleartext !! :D at the Forum News and Events. - Hackint0sh.org; 3.9 Clear Text Passwords in Swap File Apple’s Security Framework does not use mlock() or ...
  1. #1
    aRt
    aRt is offline
    Administrator I AM GOD! :D Array aRt's Avatar

    Join Date
    Apr 2006
    Location
    brasil
    Posts
    93
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    10

    Exclamation MAC SECURITY ISSUE! all passwords in cleartext !! :D

    3.9 Clear Text Passwords in Swap File
    Apple’s Security Framework does not use mlock() or equivalent to prevent passwords to be
    swapped to disk. Therefore it is likely, that user passwords and other passwords from the
    Keychain will be written to the swap file in clear text. You can verify this on your own Mac by
    typing:
    sudo strings /var/vm/swapfile0 |grep -A 4 -i longname

    longname
    Sart
    password
    XXXXX... (xxxxx... means password in clear text)
    shell
    --
    longname
    ogin.done
    XTUM
    password
    XXXXX...
    --
    longname
    XTUM
    password
    XXXXX...
    XTUM
    Last edited by aRt; 08-14-2006 at 02:03 AM.



  2. #2
    Professional Array bofors's Avatar

    Join Date
    May 2006
    Posts
    80
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    Enabling "secure virtual memory" in SystemPreferences->Security should deal with this.

  3. #3
    Newbie Array

    Join Date
    Aug 2006
    Posts
    8
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    There is a reason why only root has access to the swapfile. This problem exists on any platform, I think, as long as the swapfile is not encrypted.
    Probably system passwords can be prevented from being swapped out, but any application which holds passwords is prone to be swapped out anyway.

 

 

Similar Threads

  1. MacNN: Lion security hole lets hackers change account passwords
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 09-19-2011, 11:00 PM
  2. Replies: 0
    Last Post: 03-21-2011, 06:40 PM
  3. MacNN: iPhone 3.0 Mail security issue surfaces
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 08-17-2009, 08:50 PM
  4. MacNN: Firefox 3.5.1 fixes JS security issue, other bugs
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 07-17-2009, 04:00 PM
  5. [Security Issue] - Screenshots of email found in tmp folder
    By happysmp in forum Free Toolchain Software (Cydia App's)
    Replies: 6
    Last Post: 03-18-2008, 09:17 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 11:57 PM.
twitter, follow us!