Bugtraq mailing list archives
Re: Loginwindow.app and Mac OS X
From: Jacob Appelbaum <jacob () appelbaum net>
Date: Thu, 28 Feb 2008 18:28:51 -0800
oc photon wrote:
n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob () appelbaum net> wrote:Moin moin Bugtraq readers, Bill Paul and I have discovered that LoginWindow.app doesn't clear credentials after a user is authenticated.This has already been discovered in 2004. While the author only looks at swap files, it is obvious that this is the same bug. http://seclists.org/bugtraq/2004/Jun/0417.html
Thanks for the heads up. It's very possible that this is the same bug but obviously we found it in a different context. It surely seems like it may be the original that Apple would not discuss with us. The bug number it was duped against was over 2 million bugs prior. Does that sound like Apple knew about this for nearly _4_ years (!) and didn't do anything about it? That's seriously pathetic if it's actually that case! Regards, Jacob Appelbaum
Current thread:
- Loginwindow.app and Mac OS X Jacob Appelbaum (Feb 28)
- Re: Loginwindow.app and Mac OS X oc photon (Feb 29)
- Re: Loginwindow.app and Mac OS X Jacob Appelbaum (Feb 29)
- Re: Loginwindow.app and Mac OS X Matt Johnston (Feb 29)
- Re: Loginwindow.app and Mac OS X Jacob Appelbaum (Feb 29)
- Re: Loginwindow.app and Mac OS X oc photon (Feb 29)