OS X Lion security flaw allows anyone to change your password

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user. That means typing the command: “dscl localhost -passwd /Search/Users/Roger”

Source: http://www.bgr.com/2011/09/19/os-x-lion-security-flaw-allows-anyone-to-change-your-password/

iphone 4 iphone 4 cases iphone apps iphone 5 verizon iphone 4 reviews