LDAP, a protocol for authenticating users over a network connection, has become a topic of discussion amongst IT departments who deploy Macs in their enterprise. A discovery made in the way Lion authenticates and caches LDAP credentials reveals a gaping security hole.
Exploiting the hole, while not perfectly understood, only requires you to log into a machine, thus bypassing the initial login screen. Once authenticated, it appears that you can re-authenticate as any user, using any password you'd like, and be granted a token to access any resources the new, elevated user would have access to.
While this vulnerability will most likely only affect enterprises, it is still substantial and is a huge headache for anyone using LDAP as their authentication scheme. It would be wise to consider delaying a Lion roll-out if your organization falls into this category.
The security of OS X has been under a lot of scrutiny lately as the OS steadily increases in market share. With widespread usage comes widespread interest in exploiting holes in any platform.