Interesting findings (Mac OS up to 10.13)
https://
jaclaz
Here's an even easier way to find that password
https://
They are definitely making some mistakes in their security implementation. lol lol
Obviously they quickly fixed the password hint showing the actual password in the next update, but that proved to me it was being stored somewhere in plain text.
Another one was found (in a worse, in the sense of much more persistent, log)
This is actually a worse problem than the one I previously reported on.
The previous examples were found in the unified logs, which can hang around for a few weeks; this new example stores the exact same information in the system's /var/log/install.log. I have found that the install.log will only get wiped out upon major re-installation (i.e. 10.11 -> 10.12 -> 10.13); therefore, these plaintext passwords will hang around for quite a bit longer than a few weeks! I had entries dating back to when I originally installed High Sierra on this system back in November of 2017!
https://
jaclaz