OSX security lole

Question

OSX security lole

Michael Clark

OSX security lole

Attached: screenshot 362.png (2560x1080, 2.08M)

December 2, 2018 - 22:38

Julian Harris

>(under single user mode)
>(under single user mode)
>(under single user mode)
>(under recovery)

This is literally no different from any other OS, be it Windows, Linux distros, or even FreeBSD. No desktop OS attempts to prevent reset using local-access. People are dumb and will forget passwords, we have this for a reason.

December 2, 2018 - 22:44

Kayden Martinez

ITODDLERS BTFO

Attached: images.jpg (253x199, 9K)

December 2, 2018 - 22:46

Nathaniel Stewart

method 1 (requires old password):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
passwd username
reboot

or

method 2 (doesn't work, the plist file doesn't exist under this directory anymore):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
passwd username
reboot

or

method 3 (works, prompts a mac setup screen on the next boot, old user's password can be reset under system preferences afterwards):

(under single user mode)

mount -uw /
rm /var/db/.AppleSetupDone
reboot

or

method 4 (probably works lol):

(under recovery)
Type “resetpassword” in the Terminal window and hit enter.

single user mode (parallels desktop boot flags)
devices.mac.boot_args="-s"

if anyone wants to try it out

Yeah I know you can just boot into safe mode on windows or change the sticky keys executable for cmd and get to it without even getting through the login screen. I just find it dumb whenever someone says OSX is safe lol.
I feel like, even if it's a desktop system companies like Apple and microsoft should't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".

December 2, 2018 - 22:51

Luke Davis

>I feel like, even if it's a desktop system companies like Apple and microsoft should't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".
Once again, dumb normies ruin everything.

December 2, 2018 - 22:58

Lincoln Rogers

that's why people encrypt their data and set firmware passwords, user. so if the computer was powered down you can't do any of that.

December 2, 2018 - 23:00

Aaron Hernandez

Yeah but your average user doesn't know/use encryption sooo....

Attached: image0.jpg (620x602, 52K)

December 2, 2018 - 23:05

Lucas Reyes

doesn't OSX use encryption by default?

December 2, 2018 - 23:06

Grayson Phillips

I believe macs with APFS formatted drives are encrypted by default however, this was a APFS volume and when I reset the old user's password and then logged into it with the new pass, all files were accessible. Maybe, as I've heard, the T2 chip allows macs to use touchID to enemcrypt the drives during login. But, I'm not sure if that's even relevant you see, what if OSX doesn't prompt you to use touchID and also lets you login using a regular password? this completely defeats the purpose of the fingerprint sensor.
Since I don't have a real mac with touchID I can't test this, but it's not like I'd ever buy trash. I'll stick to my hackintosh.

Attached: 5fcc02528df0814426411031aaea0672a2307f8463c451d57ea47013a99fa828.jpg (1080x1080, 191K)

December 2, 2018 - 23:25

Anthony Taylor

so basically apple is justifying higher price tags on new macs with useless security features?

December 2, 2018 - 23:32

1 2 ... 5 Next

OSX security lole

Last threads