Mac OS X Lion Makes It Easy for Password Crackers

"Security specialist Patrick Dunstan reports that Mac OS X 10.7 'Lion' allows standard non-root users to access other users' password hashes. Under Mac OS X, users' password hashes are stored in shadow files that can usually only be accessed by root users. Dunstan said that, with Lion, Apple changed the authentication procedure and introduced a flaw that allows non-root users to read the password hashes from the shadow files via the directory services."

Please reply back to this ticket if you found this security alert useful.