{"id":178,"date":"2008-03-02T15:19:38","date_gmt":"2008-03-02T23:19:38","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/03\/02\/security-vulnerability-in-mac-os-x-loginwindowapp\/"},"modified":"2008-03-02T15:21:26","modified_gmt":"2008-03-02T23:21:26","slug":"security-vulnerability-in-mac-os-x-loginwindowapp","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/02\/security-vulnerability-in-mac-os-x-loginwindowapp\/","title":{"rendered":"Security Vulnerability in Mac OS X &#8211; LoginWindow.app"},"content":{"rendered":"<p><!--StartFragment-->A security vulnerability in loginwindow.app on Mac OS X was reported to <a href=\"http:\/\/www.securityfocus.com\/archive\/1\/488930\" title=\"bugtraq\">bugtraq<\/a> this week. The vulnerability is that the user password is still resident in memory after the system authenticates the user. <!--more--><\/p>\n<p>The bugtraq report states that a cold boot attack could be used to extract this information from memory, and that any attack likely requires physical access to the machine in order to get the password. The description also suggests that a malicious user sitting down at the machine would have to do more than simply read the memory in use by the loginwindow process, because only the root user can view that memory. (I confirmed this by attaching to the process using gdb with sudo).<\/p>\n<p>The severity of the issue is open for debate because of the necessity of physical access to the machine or knowing the password of a user who can use sudo (both of which indicate that the malicious user probably doesn\u2019t need to dig through memory to find the logged-in user\u2019s password); however, this vulnerability really brings to light how important it is to have security-focused coding standards in place on the development side. A simple oversight could turn into the user\u2019s password being stored (possibly multiple times) in memory for the duration of the lifetime of the loginwindow process.  <!--EndFragment--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security vulnerability in loginwindow.app on Mac OS X was reported to bugtraq this week. The vulnerability is that the user password is still resident in memory after the system authenticates the user.<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,9],"tags":[],"class_list":["post-178","post","type-post","status-publish","format-standard","hentry","category-current-events","category-privacy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=178"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/178\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}