[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 2.08 MB, 2560x1080, screenshot 362.png [View same] [iqdb] [saucenao] [google] [report]
68757591 No.68757591 [Reply] [Original] [archived.moe] [rbt]

OSX security lole

>> No.68757655

>(under single user mode)
>(under single user mode)
>(under single user mode)
>(under recovery)

This is literally no different from any other OS, be it Windows, Linux distros, or even FreeBSD. No desktop OS attempts to prevent reset using local-access. People are dumb and will forget passwords, we have this for a reason.

>> No.68757671 [DELETED] 


>> No.68757684
File: 9 KB, 253x199, images.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.68757760

method 1 (requires old password):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
passwd username


method 2 (doesn't work, the plist file doesn't exist under this directory anymore):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
passwd username


method 3 (works, prompts a mac setup screen on the next boot, old user's password can be reset under system preferences afterwards):

(under single user mode)

mount -uw /
rm /var/db/.AppleSetupDone


method 4 (probably works lol):

(under recovery)
Type “resetpassword” in the Terminal window and hit enter.

single user mode (parallels desktop boot flags)

if anyone wants to try it out

Yeah I know you can just boot into safe mode on windows or change the sticky keys executable for cmd and get to it without even getting through the login screen. I just find it dumb whenever someone says OSX is safe lol.
I feel like, even if it's a desktop system companies like Apple and microsoft should't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".

>> No.68757865

>I feel like, even if it's a desktop system companies like Apple and microsoft should't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".
Once again, dumb normies ruin everything.

>> No.68757896

that's why people encrypt their data and set firmware passwords, anon. so if the computer was powered down you can't do any of that.

>> No.68757968
File: 52 KB, 620x602, image0.jpg [View same] [iqdb] [saucenao] [google] [report]

Yeah but your average user doesn't know/use encryption sooo....

>> No.68757991

doesn't OSX use encryption by default?

>> No.68758289
File: 191 KB, 1080x1080, 5fcc02528df0814426411031aaea0672a2307f8463c451d57ea47013a99fa828.jpg [View same] [iqdb] [saucenao] [google] [report]

I believe macs with APFS formatted drives are encrypted by default however, this was a APFS volume and when I reset the old user's password and then logged into it with the new pass, all files were accessible. Maybe, as I've heard, the T2 chip allows macs to use touchID to enemcrypt the drives during login. But, I'm not sure if that's even relevant you see, what if OSX doesn't prompt you to use touchID and also lets you login using a regular password? this completely defeats the purpose of the fingerprint sensor.
Since I don't have a real mac with touchID I can't test this, but it's not like I'd ever buy trash. I'll stick to my hackintosh.

>> No.68758365

so basically apple is justifying higher price tags on new macs with useless security features?

>> No.68758383


>> No.68758430

>jumps 300 hoops with physical/admin access and know old password
>security hole
jesus christ how pathetic

>> No.68758493

TouchID doesn't encrypt. Mac users (with actual Mac hardware) are prompted when they start up their computer for the first time to set up FileVault 2. Ontop of that Macs with the T2 chip have hardware based encryption on top of that. TouchID only works after you've already logged in once after booting up, and if you've lastly used your Mac within the last 24 hours. It doesn't unencrypt using TouchID. Unlocking a drive, on a software level occurs when logging in from the machine being turned off.

>> No.68758674
File: 372 KB, 1552x1050, screenshot 363.png [View same] [iqdb] [saucenao] [google] [report]

You're not prompted to give a username and password on OSX when you boot into single user mode or recovery.

>> No.68758693

>"root device is mounted read only"

>> No.68758728

I know how to read anon!
Anyways, the only purpose of that screenshot was to show that you can do it without knowing the old admin's password as >>68758430 mentioned.

>> No.68758776

I'm pretty sure that no password is prompted by design if you enter recovery or single user mode. You can wipe the drive in recovery if needed, as well as disable/enable system integrity protection. The idea behind recovery is that it has full access over the hardware (can't read encrypted containers though) so that you can set it back up correctly if necessary. You need root access to reinstall macOS. It's not a vulnerability since you cannot change anything on the drive itself if you do not have the password.

>> No.68758794

Most people don't need to encrypt anything. It's there for those who have security controls requiring encryption.

>> No.68758862

it's not a security loophole, it's that way by design
if you want actual security, encrypt your drive using filevault

>> No.68758901

It still allows someone who stole your machine to gain access to your files as long as they know how to use recovery. So it's a vulnerability no matter the operating system. And the "just use encryption bro" argument is kinda meh, I mean, is it easy to setup? yeah sure, but we have to think about the dumb/lazy users anon! I mean, why the fuck would companies like microsoft/apple/canonical/red hat etc.. design systems to behave like this? why can't they just use 2FA (regular password + fingerprint) and prevent password resets unless the owner of the machine confirms the action through windows hello/touchID whatever?

>> No.68758929

users are prompted to turn on FileVault when creating a user account/installing the OS, so yes, it is easy to set up

>> No.68758950

Also, I'm pretty sure every single OS is this way by default
Works on all GNU/Linux or BSD OSes I've ever tried

>> No.68758961

>mv osk.exe osk.exe.bk
>cp cmd.exe osk.exe
>click onscreen keyboard button
>type in net user user new_pass
>enter the new username on the login screen
>log in
micropajeets btfo

>> No.68758972

I got kicked out of the apple store but i have the employee information on my thumbdrive, will upload to mega after I get back

>> No.68758980
File: 2.18 MB, 600x338, drop_down_menu_0.gif [View same] [iqdb] [saucenao] [google] [report]

>OSX anything

>> No.68759030

Well, I've never been prompted to setup filevault when installing OSX or creating a user account.
But I still want to know how touchID works on real hardware because >>68758493 didn't really explain it properly.
What happens when you boot up the system and get to the login screen? does it allow you to login only by using the fingerprint sensor or can you just type the password down aswell? what happens when you reset a user's password? does it still ask for touchID confirmation upon the next login with the new password? does it reset touchID aswell?
yeah I already mentioned that you can do that

>> No.68759045


>> No.68759175
File: 60 KB, 1024x1004, 1542354153201.jpg [View same] [iqdb] [saucenao] [google] [report]

is there even a way on linux to prevent someone from changing user's password or even booting into recovery at all with another password?

>> No.68760808

Not a vulnerability, it's by design, that's why if you really care about the security of your system, you encrypt the boot drive so that you have to enter the decryption password before you can locally access the drive the OS sits on. LUKS encryption with Linux, Veracrypt with Windows, FileVault on MacOS etc.

>> No.68761225

Do these work in 10.4?

>> No.68761611

Only a problem if the home directory isn't encrypted. There are bootable flash drives and CDs that automatically remove every password on a Windows installation, a user account password is nothing without proper encryption of user data.

>> No.68762450

When you boot up the machine, you have to put in the password. TouchID can only be used when waking for sleep. It works very similar to how it is on an iPhone.

>> No.68762799

based satania poster

>> No.68762975

technically there is a way to keep them from booting into recovery by deleting it but if someone has physical access to your computer they are pretty much guaranteed to get in.

>> No.68762985
File: 1.42 MB, 964x720, apple-solid-security.webm [View same] [iqdb] [saucenao] [google] [report]


>> No.68764643
File: 103 KB, 1218x402, file.png [View same] [iqdb] [saucenao] [google] [report]

You have to set up encryption yourself, like in most OSs, it is not on by default.

>> No.68764661

encrypt disk, just like in macos


>> No.68765191


>> No.68765230
File: 284 KB, 960x639, D23F368B-408E-44E4-A61E-E5E3521D5D96.png [View same] [iqdb] [saucenao] [google] [report]


>> No.68765282
File: 13 KB, 376x376, image (1).png [View same] [iqdb] [saucenao] [google] [report]

please tell me this is fake

>> No.68765307

WTF is wrong with "PoC"?

>> No.68765383

Even with my hard drive encrypted, I set a firmware password so that my MacBook is utterly useless to anyone who decides to steal it. Can’t wipe the drive and can’t boot off an external disk.

>> No.68765576

It was real but they released a patch for it the same day it was discovered.

>> No.68765590

Also, it was a GUI error in Disk Utility only, the text field for password was incorrectly assigned to the hint. If your APFS volume/container was made through terminal commands or when you initially set up your computer, you didn't have this issue.

>> No.68765704

>It still allows someone who stole your machine to gain access to your files as long as you didn't encrypt your drive.
I don't even like Apple, but man, you are stupid.

>> No.68766298

Why would you call somebody a piece of crap?

>> No.68766717

Someone anon doesn't like used to word so it's now forbidden. Anon is a hypocrite who doesn't realize that he's acting just like your average sjw by mocking words other people use.

>> No.68766829
File: 44 KB, 650x300, banner-014.png [View same] [iqdb] [saucenao] [google] [report]

Typical fuckup for unix and unix-like OS.

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.