Apple PowerBook Mac OS Control Panel Security Physical Bypass

1999-05-21T00:00:00
ID OSVDB:6331
Type osvdb
Reporter msec()
Modified 1999-05-21T00:00:00

Description

Vulnerability Description

Mac OS contains a flaw that may allow a malicious user with physical access to bypass password restrictions on a PowerBook. The password settings are stored in a known file on the hard drive, and the password requirement can be disabled using disk editing software and a boot disk. The flaw may allow unauthorized access, resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

Using a boot disk and hard disk editing software, change the byte at offset 3 of the 'aaaaaaaaAPWD' file from 01 to 00 to disable the security feature. The 'aaaaaaaaAPWD' file is stored in the root of the hard drive.

References:

Other Advisory URL: http://freaky.staticusers.net/macsec/data/powerbooksecurity-data.html
CVE-1999-1393
Bugtraq ID: 532