NASLDB: Mac OS X FileVault Plaintext Password Logging
General
ID: 59090
Name: Mac OS X FileVault Plaintext Password Logging
Summary: Checks secure.log files for plaintext passwords
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: CVSS2#E:F/RL:U/RC:ND
Port: 0
Family: MacOS X Local Security Checks
Type: Local
Description
Plaintext passwords were discovered in a system log file. Mac OS X
Lion release 10.7.3 enabled a debug logging feature that causes
plaintext passwords to be logged to /var/log/secure.log on systems
that use certain FileVault configurations. A local attacker in the
admin group or an attacker with physical access to the host could
exploit this to get user passwords, which could be used to gain access
to encrypted partitions.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-0652
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/02/06
Patch Release: 2012/05/09
Plugin Release: 2012/05/14
Plugin
Version: 1.3
Filename: macosx_filevault_log_info_leak.nasl
Filesize: 5873 bytes
MD5 Hash: 6db50a5735f100db55bd83960cf8d46d
Identification: –
Require Keys: Host/local_checks_enabled", "Host/MacOSX/Version
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack