Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Desktops (Apple) Apple

Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com) 85

Joe Rossignol, writing for MacRumours: Brazilian software developer Matheus Mariano appears to have discovered a significant Disk Utility bug that exposes the passwords of encrypted Apple File System volumes in plain text on macOS High Sierra. Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint. [...] Apple has addressed this bug by releasing a macOS High Sierra 10.13 Supplemental Update, available from the Updates tab in the Mac App Store.
This discussion has been archived. No new comments can be posted.

Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes

Comments Filter:
  • by alispguru ( 72689 ) <bane AT gst DOT com> on Thursday October 05, 2017 @02:21PM (#55316651) Journal

    When creating a new volume, it apparently puts the password into the password hints field.

    If you create a new volume using command-line tools, things are fine.

    The encryption is still OK; this bug just leaves the key to the front door under the mat.

    Which is still appalling.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      How is it able to show the plain text password to begin with? Sounds like the password isn't hashed or encrypted itself to begin with and stored as plaintext somewhere. The system shouldn't know what the password is.

      • by sbrown7792 ( 2027476 ) on Thursday October 05, 2017 @02:34PM (#55316771)
        Right, the system shouldn't know, that's why this is a bug.

        When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.

        A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.

        • by AmiMoJo ( 196126 )

          Any idea how long it has been that way?

        • by Nidi62 ( 1525137 )

          Right, the system shouldn't know, that's why this is a bug.

          When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.

          A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.

          Maybe they just wanted to be really sure the user got the hint?

        • Right, the system shouldn't know, that's why this is a bug.

          When creating a new volume, [the Disk Utility GUI] apparently puts the password into the password hints field.

          A hint needs to be plaintext to read it later, the error was the utility saving the *password*, not the *hint*, in the hint field.

          This sounds to me like some "Development" code that got left in the GM by mistake, rather than a fundamental design flaw.

          Happens.

          • by Brockmire ( 4931623 ) on Thursday October 05, 2017 @04:25PM (#55317493)
            Typical at Apple, where shit like "GotoFail" is a regular occurrence. Shitty developers with nonreviewed code in important security places, no QA and test procedures... bugs can show up in corner cases, but not in THE FUCKING USE CASE. Who the fuck is running things over there?
            • Typical at Apple, where shit like "GotoFail" is a regular occurrence.

              Shitty developers with nonreviewed code in important security places, no QA and test procedures... bugs can show up in corner cases, but not in THE FUCKING USE CASE.

              Who the fuck is running things over there?

              A REGULAR occurence?!? You mean ONCE, right?

              Just like the bug in BASH that went for 25 YEARS with NONE of the "Many Eyes" spotting it???

              FOAD, tool!

      • Not necessarily true: if you want the system to be able to mount a volume without user intervention (or boot from it), it must know the whole password, a hasj is not enough for decryption. Of course the password should be properly encrypted with a not easily accessible system-level key.

        • Not necessarily true: if you want the system to be able to mount a volume without user intervention (or boot from it), it must know the whole password, a hasj is not enough for decryption.

          Why would you password-protect a file or volume to begin with if you want the system to be able to decrypt it without user intervention? The purpose of encryption is to prevent unauthorized access, not allow it.

          • Because some systems are implicitly trusted. Like my removable HDD which I plug in to my home computer, that gets auto-mounted. It doesn't on my laptop*.

            The protection should match the threat. A lot of encryption is to stop basic things like a thief selling a HDD of yours full of data on ebay.

            *But it could be too. Windows 10 relies on your login credentials to protect the key to auto-decrypt drives. This is why having a windows password in place is sufficient to protect bit-locker encrypted drives even if t

      • The system still doesn't know what the password is. So far as it knows, the thing it's showing you really is the password hint.

        As the GP suggested, the bug isn't technically that the password is being stored in plaintext, though that is a consequence of the bug. Rather, the bug is that the hint's value is being set to the password's value when a user sets up a new encrypted volume in the version of Disk Utility that shipped with High Sierra.

        Thankfully, this only affected users on the latest version of the O

    • When creating a new volume, it apparently puts the password into the password hints field.

      If you create a new volume using command-line tools, things are fine.

      The encryption is still OK; this bug just leaves the key to the front door under the mat.

      Which is still appalling.

      But it is also fixed.

    • if you don't want to wait, here's the diff so you can patch yourself

      - store.volumes.apfs.hint = password
      + store.volumes.apfs.nsahint = password

  • How can such a bug in a security sensitive component of OS-X be overlooked in testing?
    • Par for the course. Nothing was done after GotoFail, after all.
    • How can such a bug in a security sensitive component of OS-X be overlooked in testing?

      Because the password hint field is often not considered critical functionality, test worthy or even security sensitive?

    • by antdude ( 79039 )

      Maybe Apple has poor QA testings. Maybe they don't even have a QA department like many companies. Or maybe they ignored it from their external testers. :(

  • You see it is common for people to switch the data between two fields when they enter it. Obviously the developer switched the fields and is showing hint for password, and password for hint.

    I once switched the username and password fields while creating the account in Slashdot and I am still living with it ;-)

    But my friend, who runs a small company, got the shock of his life when the bank clerk switched the amount and data while entering some transaction. (It was in Chennai, India, not fully automated ban

    • You see it is common for people to switch the data between two fields when they enter it. Obviously the developer switched the fields and is showing hint for password, and password for hint.

      I once switched the username and password fields while creating the account in Slashdot and I am still living with it ;-)

      But my friend, who runs a small company, got the shock of his life when the bank clerk switched the amount and data while entering some transaction. (It was in Chennai, India, not fully automated banking). The bank debited 12102015 rupees from his account or something.

      That was exactly my thought; that this was a Developer brain-fart, not a design-flaw.

      • Of course it wasn't a design flaw, it's a fucking process fail on the developer, the senior developer in charge, the lead QA manager, etc. How you can't comprehend the numerous fuckups is true Apple Kool-aid shit. Just stop commenting on Apple stories.
        • Of course it wasn't a design flaw, it's a fucking process fail on the developer, the senior developer in charge, the lead QA manager, etc.

          How you can't comprehend the numerous fuckups is true Apple Kool-aid shit.

          Just stop commenting on Apple stories.

          So, you never make a mistake, right?

          It's not like people click on that Password Hint button very often. And Apple fixed it, PRONTO!

          Jeebus! I hope YOUR work could stand up to such scrutiny...

The time spent on any item of the agenda [of a finance committee] will be in inverse proportion to the sum involved. -- C.N. Parkinson

Working...