On 05/04/2012 07:40 PM, David I. Emery wrote:
Someone, for some unknown reason, turned on a debug switch
(DEBUGLOG) in the current released version of MacOS Lion 10.7.3 that
causes the authorizationhost process's HomeDirMounter DIHLFVMount to log
in *PLAIN TEXT* in a system wide logfile readible by anyone with root or
admin access the login password of the user of an encrypted home
directory tree ("legacy Filevault").
That was fascinating.
I don't see much on the web about this. Just found this with a quick search:
http://forums.novell.com/novell/novell-product-discussion-forums/open-enterprise-server/oes-platform-independent/oes-kanaka-mac/455156-authorizationhost-debuglog-stores-clear-text-passwords.html
If this is new (or newly compiled) information, the [Full-Disclosure]
mailing list the standard place to send it to ensure that the widest
range of data security pros see it.
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
