Lion Update Causes Your Passwords to Be Stored in Plain Text

 7   Tweet
!

Note: This post hasn't been updated in over 2 years.

In a recent update to OS X Lion, an Apple programmer inadvertently left a debug flag in the latest build of the operating system that turns on a system-wide debug log file. The file stores the user’s login information in plain text. The information not only contains the user’s password, but is it also in an unencrypted area.

FileVault users prior to Lion’s launch may want to consider changing login passwords. Any user with admin or root access can easily gain this information, thus compromising your data. Time Machine also stores this log file, so it is also a good to check your archives.

This glitch only affects users who enabled FireVault encryption and updated to Lion while keeping their folders encrypted. FileVault 2 users are not infected.

Source: TUAW

  • http://www.kenaudio.com/ Kenaudio

    Thanks!

    I will check that soon!!
    KA

  • Al

    wow!

    unbelievable!

  • http://www.vmrcommunications.com/blog Hugh Macken

    Good info. Thanks! Folks may also want to keep in mind what I understand are the risks of using public wifi connections even when they access secure web pages. If you could comment on that too as far as what you know of the risks, that would be great.

  • CodingJack

    It’s funny how for years we heard how much safer OSX was compared to Windows, yet the more popular OSX becomes the more they are exposed.

    • James

      Not surprising, but still 1,000 times safer than Windows by the simple nature it’s a ‘nix based OS. According to a recent report, the overwhelming majority of the malware on Macs is actually in Windows (dual-boot or virtualized)

  • Pingback: OS X Update 10.7.4 Address a Number of Issues, Fixed FileVault Bug | Envato Notes()

  • Pingback: OS X Update 10.7.4 Address a Number of Issues, Fixed FileVault Bug | Indoor Digital Billboards()