

Question: Network user: plain text PWs in client log?!

I was debugging a MBP (10.7.3) that would not allow network users to log in, when I stumbled upon a log line on the client:

[Screenshot of the log line]


The last parameter "passwordAsUTF8String" contains the password of the user I tried to log in as, in plain text. Huh?


I've tried it on another Mac as well, same result: the login of a normal network user writes this log line as his homedir gets mounted.

This poses a security risk. We have some users who are local admins; they could ask another user to log in on their Mac and look for the password afterwards. Extraction in single user mode would be possible as well.


Is this a "speciality" of our environment or is this a known bug? Can I turn this behavior off?

We are running Lion clients with a SL Server and using OpenDirectory.


Thanks,

Tarwin

Mac OS X Server-OTHER, Mac OS X (10.7.3), Open Directory, Network User


May 7, 2012 1:34 AM in response to tarwinator

I'm not sure if I can support the assumption that this is an error in filevault.


I've just tried logging in as a network user in a newly set up and updated Lion VM (VMware Fusion) and ran into the same behavior. FileVault was never active on this system.


Can someone with the following environment please verify:

- OpenDirectory users with Network Home on AFP

- Lion (10.7.3) Clients

- Snow Leopard or Lion Server


Steps:

- Set up a new machine, or use one that never had FileVault enabled

- Log in as an (unprivileged!) network user with a Network Home on an AFP share

- Log out, log in as an admin user

- Check "Console" for log messages containing the string "_premountHomedir"


Please help to get to the bottom of this!

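As an added example, not from the thread and not Apple's tooling: a POSIX shell check an admin can run after the update to find out whether rotated logs still carry the "_premountHomedir" line with the password parameter, and to redact that field before keeping the files. The log directory, file names, the `loginwindow` process tag and the exact line layout in the sample are constructed assumptions; the thread only says to search Console for the string, and the code never prints the credential value itself.

```shell
#!/bin/sh
# Added example, not from the thread: scan saved log files for the
# "_premountHomedir" line described above and redact the credential field.
# ASSUMPTIONS (not from the page): log directory, file names, process tag
# and the line layout below are constructed for the demo.

LEAK_PATTERN='_premountHomedir.*passwordAsUTF8String'

# make_sample_log DIR: writes constructed log files that mimic the reported
# line; "hunter2" stands in for the leaked password.
make_sample_log() {
    dir="$1"
    cat > "$dir/system.log" <<'EOF'
May  7 01:33:58 mbp loginwindow[75]: Login Window Application Started
May  7 01:34:00 mbp loginwindow[75]: _premountHomedir: user=alice home=afp://od.example/Users/alice passwordAsUTF8String: hunter2
May  7 01:34:01 mbp kernel[0]: AFP_VFS afpfs_mount: mounted /Network/Servers/od.example/Users/alice
EOF
    cat > "$dir/system.log.0" <<'EOF'
May  6 09:12:00 mbp loginwindow[71]: _premountHomedir: user=bob home=afp://od.example/Users/bob passwordAsUTF8String: hunter2
May  6 09:12:05 mbp loginwindow[71]: login of user bob completed
EOF
}

# count_leaked_lines DIR: prints how many lines across DIR/system.log* carry
# both the marker and the password parameter. It never prints the lines.
count_leaked_lines() {
    total=0
    for f in "$1"/system.log*; do
        [ -f "$f" ] || continue
        n=$(grep -c "$LEAK_PATTERN" "$f" || true)   # grep -c exits 1 on zero matches
        total=$((total + n))
    done
    echo "$total"
}

# list_leaking_files DIR: prints the files that still contain the line, so an
# admin knows which rotated logs to purge or redact.
list_leaking_files() {
    for f in "$1"/system.log*; do
        [ -f "$f" ] || continue
        grep -q "$LEAK_PATTERN" "$f" && echo "$f"
    done
    return 0
}

# redact_file FILE: writes FILE.redacted with everything after the parameter
# name replaced. The thread says the password is the last parameter, so
# dropping the rest of the line removes the value while keeping the marker.
redact_file() {
    sed 's/\(passwordAsUTF8String\).*$/\1: [REDACTED]/' "$1" > "$1.redacted"
}
```

Run `count_leaked_lines /var/log` (or wherever your clients keep system.log and its rotations) to get a number you can report without exposing anything; `list_leaking_files` tells you which files to handle, and `redact_file` produces a copy safe to archive. Rotated logs are the ones most likely to be overlooked, which is why the functions walk `system.log*` rather than a single file.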

May 10, 2012 12:13 AM in response to Patrick Stadelmann

Patrick Stadelmann wrote:


Fixed in OS X 10.7.4 update: http://support.apple.com/kb/TS4272

I certainly hope so, but I'd like confirmation from tarwinator that it's fixed based on his last comment about it being bigger than FileVault.


May 10, 2012 12:21 AM in response to MadMacs0

The problem was never in FileVault but in Login Window. This is from http://support.apple.com/kb/HT5281


Login Window

Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3

Impact: Remote admins and persons with physical access to the system may obtain account information

Description: An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. The sensitive information may persist in saved logs after installation of this update. This issue only affects systems running OS X Lion v10.7.3 with users of Legacy File Vault and/or networked home directories. See http://support.apple.com/kb/TS4272 for more information about how to securely remove any remaining records.

CVE-ID

CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Räty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, Paul Nelson
