Lion / LDAP password vulnerability!

[gunug]

According to The Register in the UK there is a known hole in the security of Lion when used with Lightweight Directory Access Protocol which is quite common out there in the real world!

QUOTE

People logging in to Macs running OS X 10.7, aka Lion, can access restricted resources using any password they want when the machines use a popular technology known as LDAP for authentication. Short for Lightweight Directory Access Protocol, LDAP servers frequently contain repositories of highly sensitive enterprise data, making them a goldmine to attackers trying to burrow their way in to sensitive networks.

http://www.theregister.co.uk/2011/08/26/ma..._security_hole/

[Xairbusdriver]

QUOTE

[LDAP] which is quite command out there in the real world!

Im assume you mean "common" not that I've ever used it...although I think Mail supports it.

From <MacFixit>:

QUOTE

This problem appears to only affect LDAP-bound systems, so if your system is not connected to a central authentication server (which has to be explicitly done by an IT administrator) then you should not be concerned with this problem. As a result, OS X systems purchased off the shelf will not be affected by this issue, so your Mac at home running OS X Lion will be safe from this vulnerability

Lots of fodder for Mac-haters, of course.

[gunug]

XABD - I changed the offending word; that's what I get for talking to my wife when I'm typing into TS!

[Xairbusdriver]

You should know by now that doing anything other than paying 150% attention to your wife's comments can lead to disastrous consequences!!! :mono: Mind-reading abilities are highly important, also!!

As for the "word," I assumed it was part of the OS's propensity to insert what it thinks we should be typing...