FYI: Mac OS X leaking passwords of FileVault users

by Carol~ Moderator - 5/7/12 7:18 AM

Users of older Mac OS X versions who upgraded to the current Mac OS X 10.7.3, "Lion" and opted to stick with the older version of the FileVault encryption system, may have a problem. It appears that Apple developers enabled a debug option in 10.7.3 which makes the user's password appear, in clear text in a log file, whenever the user mounts the encrypted folder. The problem was identified by security expert David I. Emery who reported the issue on a security mailing list.

The problem appears to only affects users who upgraded from Snow Leopard to Lion and did not activate the new FileVault encryption on Lion which switches to encrypting the whole hard disk rather than just the user's home directory. New users and new installations of Mac OS X Lion are not believed to be exposed to this risk.

Continued :

Apple Engineering Mistake Exposes Clear-text Passwords for Lion
Apple update to OS X Lion exposes encryption passwords