You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: tarwinator
tarwinator Author
User level: Level 1
0 points

Network user: plain text PWs in client log?!

I was debugging a MBP (10.7.3) that would not allow network users to login, when I've stumbled over a log line on the client:

User uploaded file


The last parameter "passwordAsUTF8String" containes the password of the user I've tried to login in plain text. Huh?


I've tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.

This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.


Is this a "speciality" of our environment or is this a known bug? Can I turn this behavior off?

We are running Lion clients with a SL Server and using OpenDirectory.


Thanks,

Tarwin

Mac OS X Server-OTHER, Mac OS X (10.7.3), Open Directory, Network User

Posted on Feb 6, 2012 8:16 AM

Reply
12 replies
User profile for user: tarwinator
tarwinator Author
User level: Level 1
0 points

May 7, 2012 1:34 AM in response to tarwinator

I'm not sure if I can support the assumption that this is an error in filevault.


I've just tried logging in as an network user in an newly setup and updated Lion VM (VMware Fusion) and run into the same behavior. Filevault was never active on this system.


Can someone with the following environment please verify:

- OpenDirectory users with Network Home on AFP

- Lion (10.7.3) Clients

- Snow Leopard or Lion Server


Steps:

- Setup a new machine, or use one that never had filevault enabled

- Login as a (unprivileged!) network user with a Network Home on an AFP share

- logout, login as an admin user

- Check "Console" for log messages containing the string "_premountHomedir"


Please help to get to the bottom of this!

Reply
User profile for user: Patrick Stadelmann
Patrick Stadelmann
User level: Level 1
25 points

May 10, 2012 12:21 AM in response to MadMacs0

The problem was never in FileVault but in Login Window. This is from http://support.apple.com/kb/HT5281


Login Window

Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3

Impact: Remote admins and persons with physical access to the system may obtain account information

Description: An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. The sensitive information may persist in saved logs after installation of this update. This issue only affects systems running OS X Lion v10.7.3 with users of Legacy File Vault and/or networked home directories. See http://support.apple.com/kb/TS4272for more information about how to securely remove any remaining records.

CVE-ID

CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Räty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, Paul Nelson

Reply

Network user: plain text PWs in client log?!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up