Lion subject to major LDAP vulnerability


LDAP, the directory protocol that many organizations use to authenticate users over the network, has become a topic of discussion amongst IT departments that deploy Macs in their enterprise. A discovery about the way Lion authenticates against LDAP and caches the resulting credentials reveals a gaping security hole.

The mechanism is not yet fully understood, but triggering the hole appears to require nothing more than logging into the machine normally, which means an attacker first has to get past the initial login screen with a valid account. Once authenticated, it appears that you can re-authenticate as any other directory user, supplying any password you like, and be granted a token for every resource that user, possibly a far more privileged one, is allowed to access.
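A practical way to check a bound Lion client for the behaviour described above is a negative authentication test: ask Directory Services to verify a directory user with a password that is deliberately wrong and confirm that it is rejected. The script below is an added example, not code from the article or from the forum reports it cites. It assumes that `dscl <node> -authonly <user> <password>` returns a non-zero exit status when the directory rejects the credentials, and that the node path (`/LDAPv3/ldap.example.com`) and user name passed on the command line are placeholders you replace with your own; run it from a session that has already logged in with a real LDAP account, since the report says the problem shows up after that first login.

```shell
#!/bin/sh
# Added example (not from the article): negative-authentication check for a
# Lion client bound to LDAP. It verifies a directory user against a password
# that cannot possibly be correct. Assumption: `dscl -authonly` exits
# non-zero when Directory Services rejects the credentials.
#
# Usage: sh ldap_authcheck.sh <ldap-node> <username>
#   e.g. sh ldap_authcheck.sh /LDAPv3/ldap.example.com jdoe
# (node path and user name are placeholders; substitute your own)

# Returns 0 if the bogus password was rejected (expected behaviour),
#         1 if it was accepted (the behaviour the report describes),
#         2 on a usage error.
check_wrong_password_rejected() {
    node="$1"
    user="$2"
    [ -n "$node" ] && [ -n "$user" ] || return 2
    # Junk that cannot match the real password; constructed per run.
    bogus="definitely-not-the-password-$$-$(date +%s)"
    if dscl "$node" -authonly "$user" "$bogus" >/dev/null 2>&1; then
        return 1    # a bogus password was accepted: this client is affected
    else
        return 0    # rejected as it should be
    fi
}

# Human-readable verdict for a return code from the check above.
verdict() {
    case "$1" in
        0) echo "OK: wrong password rejected for this user" ;;
        1) echo "AFFECTED: bogus password accepted; treat this client as vulnerable" ;;
        *) echo "usage: $0 <ldap-node> <username>" ;;
    esac
}

# Only run the live check when invoked with arguments, so the functions
# can be sourced and tested without touching a directory server.
if [ $# -ge 2 ]; then
    check_wrong_password_rejected "$1" "$2"
    rc=$?
    verdict "$rc"
    exit "$rc"
fi
```

Run it once for your own account and once for a user you should not be able to authenticate as; an "AFFECTED" result on either means wrong passwords are being accepted and the client should be pulled from the LDAP-bound pool until the cause is understood.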

While this vulnerability will most likely only affect enterprises, since few home users bind a Mac to an LDAP directory, it is still substantial and a serious headache for any organization that relies on LDAP as its authentication scheme. If yours does, it is wise to consider delaying a Lion roll-out.

The security of OS X has come under increasing scrutiny lately as the OS steadily gains market share. With widespread usage comes widespread interest in finding and exploiting holes in any platform.

Source: MacRumor Forums
Via: MacNN

Josh is the Social Media Director and Sr. Systems Engineer for a startup toy company. He is freakishly into just about anything tech related. When he's not writing, he can be found inventing products at Quirky, or doing 3D renders for other inventors.