Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

FYI: Mac OS X leaking passwords of FileVault users

May 7, 2012 12:18AM PDT

Users of older Mac OS X versions who upgraded to the current Mac OS X 10.7.3, "Lion" and opted to stick with the older version of the FileVault encryption system, may have a problem. It appears that Apple developers enabled a debug option in 10.7.3 which makes the user's password appear, in clear text in a log file, whenever the user mounts the encrypted folder. The problem was identified by security expert David I. Emery who reported the issue on a security mailing list.

The problem appears to only affects users who upgraded from Snow Leopard to Lion and did not activate the new FileVault encryption on Lion which switches to encrypting the whole hard disk rather than just the user's home directory. New users and new installations of Mac OS X Lion are not believed to be exposed to this risk.

Continued : http://www.h-online.com/security/news/item/Mac-OS-X-leaking-passwords-of-FileVault-users-1569285.html

Related:
Apple Engineering Mistake Exposes Clear-text Passwords for Lion
Apple update to OS X Lion exposes encryption passwords

Discussion is locked