Bugtraq mailing list archives
Re: Mac OS 9 Multiple Users Control Panel Password Vulnerability
From: "K. M. Ellis" <protozoa () TUX ORG>
Date: Tue, 2 Jan 2001 13:04:25 -0500
On Fri, 29 Dec 2000, Todd Kirby wrote:
Mac OS 9.04 comes with a 'Multiple Users' Control Panel that allows an administrator (called 'Owner') to create user accounts (called 'Normal' users) with limited access to the computer.
I'd like to point out that if your Mac is configured to share out your system folder with any level of access, you're screwed regardless of which OS version you're running.

As far back as OS 7.6.1 (and probably earlier) your Users and Groups preferences file has all user and administrator passwords encoded using wimpy 40-bit DES encryption. You don't want any users getting into it.

Thanks for taking the time to point this vulnerability out, but I consider it yet _another_ reason not to share out the system folder.

It should also be stated that this vulnerability probably applies to Mac 9.x systems running Appleshare IP, although I have no way to test this.

Respectfully submitted,
-K

-- Kathleen M. Ellis, P.A.B. -- KB3CWP -- http://www.tux.org/~protozoa
Technology. Politics. Get a clue. http://www.cluebot.com

"Muhammad Ali, one of my very few heroes, once took the time to explain to me that 'there are no jokes. The truth is the funniest joke of all.' Ho ho. It takes a special kind of mindset to believe that and still have smart people call you Funny. I have never quite understood it."
Hunter S. Thompson _Fear and Loathing in America_