A blogger claims he has discovered a security flaw in Apple's Mac OS X Lion that may help hackers extract the password hashes of any system user and change their passwords without authorization.
"It appears Directory Services in Lion no longer requires authentication when requesting a password change for the current user," writes security blogger Patrick Dunstan. "So, in order to change the password of the currently logged in user, simply use:
$ dscl localhost -passwd /Search/Users/bob."
Dunstan said that previously only a user with admin (root) privileges on a system could obtain the password hashes of other users, which are kept in 'shadow files'. In Mac OS X Lion, however, this restriction can be easily bypassed. "It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked."
"Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services. All users on the system, regardless of privilege, have the ability to access the ShadowHashData attribute from any other user's profile," The Register quoted him as saying.
A few years ago, Patrick published important information about cracking Mac OS X passwords.