BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

OS X Lion Fails to Protect Users’ Password Hashes

Disclosed September 18, 2011    Fully Patched

Vulnerability Description:

OS X Lion contains an information disclosure vulnerability, which permits any user to access the password hashes of any other user on the system.

Vendors:

Apple

Vulnerable Software/Devices:

Apple OS X Lion

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Information Disclosure

This vulnerability allows any user on an OS X Lion system to access the password hashes of all other users on that system.

BeyondTrust Prevention and Detection:

Mitigation:

Limit regular users' access to the dscl utility:

sudo chmod 100 /usr/bin/dscl
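
To confirm the mitigation is in place, and that it stays in place over time, the permission bits can be checked from a script. The following is an added example, not part of the original advisory or any BeyondTrust tooling; the function names is_owner_exec_only and audit_binary are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a binary is restricted the way `chmod 100` leaves it.

# Returns 0 when the owner can execute the file and group/other have no
# permission bits at all, 1 when the mode is more permissive (or the owner
# cannot execute), and 2 when the path does not exist.
is_owner_exec_only() {
    target=$1
    [ -e "$target" ] || return 2
    # `ls -ld` prints the mode string first, e.g. "---x------" for mode 100.
    # Only the first 10 characters are used, so a trailing ACL or
    # extended-attribute marker ("+" or "@") is ignored.
    mode=$(ls -ld "$target" | cut -c1-10)
    owner_bits=$(printf '%s' "$mode" | cut -c2-4)
    other_bits=$(printf '%s' "$mode" | cut -c5-10)
    case $owner_bits in
        ??x|??s) ;;          # owner execute bit is set
        *) return 1 ;;
    esac
    [ "$other_bits" = "------" ]
}

# Prints a one-line verdict for the given path (defaults to the dscl
# binary named in the mitigation above) and returns the same status.
audit_binary() {
    path=${1:-/usr/bin/dscl}
    is_owner_exec_only "$path"
    status=$?
    case $status in
        0) echo "OK: $path is restricted to its owner" ;;
        1) echo "WARN: $path is accessible beyond its owner: $(ls -ld "$path" | cut -c1-10)" ;;
        2) echo "SKIP: $path not found" ;;
    esac
    return $status
}

# Run the audit only when a path is passed on the command line.
if [ $# -gt 0 ]; then
    audit_binary "$1"
fi
```

Run it as `sh check.sh /usr/bin/dscl`; a WARN result means the chmod needs to be applied again.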

Links:

CVE(s):

None