If you were one of the millions of people who downloaded Mac OS X Lion, a major password flaw exposes your Mac to hackers, who can easily gain access to your computer and lock you out of your system.
According to the security blog Defence in Depth, a flaw in the software allows ANY user on your Mac to access and change anyone's password. The way it is supposed to work is that passwords are kept encrypted in shadow files, which are located in folders that are ONLY accessible by an administrator. Because of a flaw in the software, any user on the Lion platform can access these files. The user can then extract the encrypted password and fairly easily use a hacking program to decode it.
An even scarier discovery: users can change the system administrator's password without any programs at all. Any non-administrator can open the Terminal app and change the administrator's password from there.
CNET has coverage of this and explains the simple commands that will change the administrator password. CNET also explains the 4 steps it takes to protect yourself from hackers and other users on your computer.
It is important to go through these steps if you have a shared computer or let strangers use a guest account on your Mac from time to time. The simple solution is to require a password whenever you start your computer or wake it from sleep mode or the screensaver. You can also disable guest account access on your Mac and, in Parental Controls, set up account management settings. This will help mitigate the problem and deny administrator status to non-administrator users.