Passwords in Swap files
"At first, this 'vulnerability' may not seem like such a big deal. After all, the swap files are only readable by root. However, a system administrator should not have it so easy if he or she would want to obtain user passwords. Passwords should never be stored in clear text _anywhere_. A malicious trojan with root privileges can now steal user password in clear text, and many users use same passwords for other accounts, so this is a big deal. In addition, Keychain passwords are also apparently stored in clear text within the swap files (I haven't tested this). I hope Apple fixes this soon!"
(Submitted by Noel Wed Jun 30, 2004 )
Our content can be syndicated: Main page Mac Page
Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author