| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47C76DE3.6010805@appelbaum.net> Date: Thu, 28 Feb 2008 18:28:51 -0800 From: Jacob Appelbaum <jacob@...elbaum.net> To: oc photon <ocphoton@...il.com> Cc: bugtraq@...urityfocus.com, Matt Johnston <matt@....asn.au>, Bill Paul <wpaul@...nesium.net> Subject: Re: Loginwindow.app and Mac OS X oc photon wrote: > n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob@...elbaum.net> wrote: >> Moin moin Bugtraq readers, >> >> Bill Paul and I have discovered that LoginWindow.app doesn't clear >> credentials after a user is authenticated. > This has already been discovered in 2004. While the author only looks > at swap files, it is obvious that this is the same bug. > > http://seclists.org/bugtraq/2004/Jun/0417.html > > Thanks for the heads up. It's very possible that this is the same bug but obviously we found it in a different context. It surely seems like it may be the original that Apple would not discuss with us. The bug number it was duped against was over 2 million bugs prior. Does that sound like Apple knew about this for nearly _4_ years (!) and didn't do anything about it? That's seriously pathetic if it's actually that case! Regards, Jacob Appelbaum
Powered by blists - more mailing lists