Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com)
Joe Rossignol, writing for MacRumors: Brazilian software developer Matheus Mariano appears to have discovered a significant Disk Utility bug that exposes the passwords of encrypted Apple File System volumes in plain text on macOS High Sierra. Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint. [...] Apple has addressed this bug by releasing a macOS High Sierra 10.13 Supplemental Update, available from the Updates tab in the Mac App Store.
The bug is in Disk Utility GUI volume creation (Score:5, Informative)
When creating a new volume, it apparently puts the password into the password hints field.
If you create a new volume using command-line tools, things are fine.
The encryption is still OK; this bug just leaves the key to the front door under the mat.
Which is still appalling.
Re: (Score:2, Insightful)
How is it able to show the plain text password to begin with? Sounds like the password isn't hashed or encrypted itself to begin with and stored as plaintext somewhere. The system shouldn't know what the password is.
Re:The bug is in Disk Utility GUI volume creation (Score:5, Interesting)
When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.
A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.
Re: (Score:2)
Any idea how long it has been that way?
Re: (Score:2)
Any idea how long it has been that way?
Well, considering that High Sierra has only been out for a couple of weeks, I'd say about that long.
Re: (Score:2)
Your opinion has even less value than his guess, and yet you still posted it - both of you have the same right to do so.
Re: (Score:2)
16 months at a maximum, maybe?
APFS is still fairly young. I've been nervous about it. Not for reasons such as these, but just the whole "early adoption" thing.
Re: (Score:2)
Right, the system shouldn't know, that's why this is a bug.
When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.
A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.
Maybe they just wanted to be really sure the user got the hint?
Re: (Score:2)
Right, the system shouldn't know, that's why this is a bug.
When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.
A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.
This sounds to me like some "Development" code that got left in the GM by mistake, rather than a fundamental design flaw.
Happens.
Re: (Score:2)
Typical at Apple, where shit like "GotoFail" is a regular occurrence.
Shitty developers with nonreviewed code in important security places, no QA and test procedures... bugs can show up in corner cases, but not in THE FUCKING USE CASE.
Who the fuck is running things over there?
A REGULAR occurrence?!? You mean ONCE, right?
Just like the bug in BASH that went for 25 YEARS with NONE of the "Many Eyes" spotting it???
FOAD, tool!
Re: (Score:2)
Doesn't having a "hint" imply that the system has stored the actual password somewhere? If not, what is the hint going to do, return an encrypted password?
No. It doesn't even come close to implying that. Why would you think such a thing?
Your username, real name, and the hint are all text values stored in plain text as they should be.
Your password is a different value stored hashed.
When you type a password wrong, clicking "show hint" is expected to return *the hint value you entered*
The hint actually has less to do with your password (nothing) than it has to do with your username (the thing the hint is linked to, just like your name and user icon and everythi
Re: The bug is in Disk Utility GUI volume creation (Score:2)
Not necessarily true: if you want the system to be able to mount a volume without user intervention (or boot from it), it must know the whole password, a hash is not enough for decryption. Of course the password should be properly encrypted with a not easily accessible system-level key.
Re: (Score:2)
Why would you password-protect a file or volume to begin with if you want the system to be able to decrypt it without user intervention? The purpose of encryption is to prevent unauthorized access, not allow it.
Re: (Score:2)
Because some systems are implicitly trusted. Like my removable HDD which I plug in to my home computer, that gets auto-mounted. It doesn't on my laptop*.
The protection should match the threat. A lot of encryption is to stop basic things like a thief selling a HDD of yours full of data on ebay.
*But it could be too. Windows 10 relies on your login credentials to protect the key to auto-decrypt drives. This is why having a windows password in place is sufficient to protect bit-locker encrypted drives even if t
Re: (Score:3)
The system still doesn't know what the password is. So far as it knows, the thing it's showing you really is the password hint.
As the GP suggested, the bug isn't technically that the password is being stored in plaintext, though that is a consequence of the bug. Rather, the bug is that the hint's value is being set to the password's value when a user sets up a new encrypted volume in the version of Disk Utility that shipped with High Sierra.
Thankfully, this only affected users on the latest version of the O
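The field mix-up described in the comments above, as an added example that is not part of the original thread and is not Apple's code: a hypothetical volume record in Python where the password is kept only as a derived verifier, the hint is stored readable, and a regression check catches a creation path that copies the password into the hint. All names (`VolumeRecord`, `create_volume`, `hint_leaks_password`), the PBKDF2 parameters and the sample password are assumptions for illustration and do not reflect APFS's actual format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class VolumeRecord:              # hypothetical model, not the APFS on-disk layout
    salt: bytes
    verifier: bytes              # derived from the password, not reversible
    hint: str                    # readable by design: shown on "Show Hint"

def _derive(password: str, salt: bytes) -> bytes:
    # Iteration count is illustrative only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def hint_leaks_password(password: str, hint: str) -> bool:
    """True if the hint equals or contains the password (case-insensitive)."""
    p, h = password.casefold(), hint.casefold()
    return bool(p) and p in h

def create_volume_buggy(password: str, hint: str) -> VolumeRecord:
    """Models the reported behaviour: the wrong value lands in the hint field."""
    salt = os.urandom(16)
    return VolumeRecord(salt, _derive(password, salt), hint=password)

def create_volume(password: str, hint: str) -> VolumeRecord:
    """Correct path: stores the user's hint and refuses a hint that gives the password away."""
    if hint_leaks_password(password, hint):
        raise ValueError("hint reveals the password")
    salt = os.urandom(16)
    return VolumeRecord(salt, _derive(password, salt), hint=hint)

def unlock(record: VolumeRecord, attempt: str) -> bool:
    """Constant-time comparison of the derived verifier."""
    return hmac.compare_digest(record.verifier, _derive(attempt, record.salt))

def audit(record: VolumeRecord, password: str) -> bool:
    """Post-creation check a test suite can run against every creation path."""
    return not hint_leaks_password(password, record.hint)

if __name__ == "__main__":
    pw, hint = "constructed-sample-pw", "name of first pet"   # constructed values
    print("buggy path passes audit:", audit(create_volume_buggy(pw, hint), pw))
    print("fixed path passes audit:", audit(create_volume(pw, hint), pw))
```

Running `audit` against both the GUI and command-line creation paths is the kind of test that would have separated the two cases the thread describes.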
Re: (Score:2)
When creating a new volume, it apparently puts the password into the password hints field.
If you create a new volume using command-line tools, things are fine.
The encryption is still OK; this bug just leaves the key to the front door under the mat.
Which is still appalling.
But it is also fixed.
Re: The bug is in Disk Utility GUI volume creation (Score:2)
if you don't want to wait, here's the diff so you can patch yourself
- store.volumes.apfs.hint = password
+ store.volumes.apfs.nsahint = password
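Review bot: the added line still assigns `password` to a stored field (`store.volumes.apfs.nsahint`), so the plaintext password is persisted exactly as before under a different key, and neither line ever writes the hint the user entered. The right-hand side should be the user's hint text, and the password should not be assigned to any readable field at all.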
Re: (Score:2)
So it seems that Apple fixed the issue faster than slashdot was able to publish its report?
Pretty much, yeah.
Re: (Score:2)
How useful is certification anyways say vs. LSB?
Re: (Score:2)
What? Plain English please. If the only reason is to satisfy bureaucracy, then it doesn't really seem like a reason to me. Sure, you want hardware validated to your OS, but the UNIX specification doesn't include a Hardware Abstraction Layer, so any hardware validation is going to be OS specific and not portable like POSIX is.
There probably is some legacy stuff floating around out there that nobody understands except that it goes haywire if compiled against anything out of spec, but you aren't going to find
Re: (Score:2)
Don't be thick. Is there a fundamental technical reason, and does it apply to your average desktop or server? Ya I get that you're a cog in a corporate machine and you have to obey the logic of the machine. The question is whether the machine is operating on good logic or old and broken assumptions that are costing them money. And you can always send proposals back up the chain to modify requirements for reasons a-c and x-z.
Re: (Score:2)
The day you pay my salary, I'll get advice from you about how not to listen to my company and my clients about their exact requirements. Until then, you're just an arrogant individual who thinks they know more than my clients about what they specified as a requirement. If it says "Must install Redhat Linux ES" that's what they will get. We don't install Ubuntu Linux and tell them they'll save money. If it says x86-64 processors with ECC support, we don't get them a Pentium D and a lecture about how they can
Re: (Score:2)
Got it. You don't actually know if there's a technical reason or not, and how widely applicable it is. (Obviously I'm not aware of any, otherwise I wouldn't have asked the question.) Further, you don't really care as long as you get paid.
Re: Get a proper computer (Score:2)
Let me make this absolutely clear to you on this point: you have no fucking clue as to why my clients specify "certified Unix" sometimes as they don't detail every single reason behind their requirements. But unlike you I don't presume to know MORE than my client about their needs especially when they make a specific requirement.
Let me guess about the person that you are: if you were a waiter in a restaurant and a skinny person ordered diet soda, you'd just replace it with regular soda because they didn't n
Re: (Score:2)
I'm the waiter telling you most people can't tell any difference between a $50 dollar bottle of wine and a $500 bottle. Maybe everyone who gets the $500 dollar bottle is a super-taster, but more likely they want to impress someone. Sure there are a few corner cases where you 99.999% need POSIX compatibility, but for most things 99.98% is good enough.
Pulling a switcheroo is just plain silly and passive-aggressive (and nowhere did I suggest you do that), asking question about underlying technical requiremen
Re: (Score:2)
I'm the waiter telling you most people can't tell any difference between a $50 dollar bottle of wine and a $500 bottle
Despite the customer insisting to you that that is exactly what they want. You must hold down a lot of jobs in customer service.
Maybe everyone who gets the $500 dollar bottle is a super-taster, but more likely they want to impress someone.
Which would make it of your business, wouldn't it?
Sure there are a few corner cases where you 99.999% need POSIX compatibility, but for most things 99.98% is good enough.
Again how do you know what my clients want? You don't do you? You are imposing your opinion based on 0% knowledge of my clients. Thus complete speculation on your part.
Pulling a switcheroo is just plain silly and passive-aggressive (and nowhere did I suggest you do that), asking question about underlying technical requirements and new suggestions based on the answers is not.
No I answered your question: You don't know what my client needs are. You assume you know better than them. You also assume I don't know. You also assume that I am al
Re: (Score:2)
They have also removed the option to run applications from anywhere from the security settings, you used to be able to choose from only the App Store, App Store and Trusted Developers (you know, trusted by Apple, not the user) and Anywhere, but now they have removed the 'Anywhere' option. The writing is on the wall that it is going in a very user-hostile direction and becoming exactly the opposite of Apple's portrayal of themselves in that 1984 ad.
Well that's a bold faced lie. I just installed a bunch of applications the other day on a machine. None of which I got from the App Store or "Trusted Developers". My guess is that you don't know that OS X requires you to verify that you want to install something that you got off the Internet with a dialog confirmation. After clicking "Yes, install", it installed and ran fine.
Re: (Score:3)
Apps are for cows, you bunch of non-HOSTS-file-modifying cows! You are all LUDDITE cows that don't use apps and leave your HOSTS files empty. Moo say the cows. YOU COWS. Apps can run on cows, but HOSTS files can block LUDDITE cows.
Apps!
Re: (Score:2)
It doesn't need to exist. They just copied the wrong field when they saved the hint.
Re: (Score:2)
How can such a bug in a security sensitive component of OS-X be overlooked in testing?
Because the password hint field is often not considered critical functionality, test worthy or even security sensitive?
Re: (Score:2)
Maybe Apple has poor QA testing. Maybe they don't even have a QA department like many companies. Or maybe they ignored it from their external testers. :(
Understandable common mistake (Score:2)
I once switched the username and password fields while creating the account in Slashdot and I am still living with it ;-)
But my friend, who runs a small company, got the shock of his life when the bank clerk switched the amount and data while entering some transaction. (It was in Chennai, India, not fully automated ban
Re: (Score:2)
You see it is common for people to switch the data between two fields when they enter it. Obviously the developer switched the fields and is showing hint for password, and password for hint.
I once switched the username and password fields while creating the account in Slashdot and I am still living with it ;-)
But my friend, who runs a small company, got the shock of his life when the bank clerk switched the amount and data while entering some transaction. (It was in Chennai, India, not fully automated banking). The bank debited 12102015 rupees from his account or something.
That was exactly my thought; that this was a Developer brain-fart, not a design-flaw.
Re: (Score:2)
Of course it wasn't a design flaw, it's a fucking process fail on the developer, the senior developer in charge, the lead QA manager, etc.
How you can't comprehend the numerous fuckups is true Apple Kool-aid shit.
Just stop commenting on Apple stories.
So, you never make a mistake, right?
It's not like people click on that Password Hint button very often. And Apple fixed it, PRONTO!
Jeebus! I hope YOUR work could stand up to such scrutiny...