External APFS volume encryption security "gap"

jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Interesting findings (Mac OS up to 10.13)
https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp

jaclaz

 
Posted : 22/03/2018 1:21 pm
JaredDM
(@jareddm)
Posts: 118
Estimable Member
 

Here's an even easier way to find that password

https://www.youtube.com/watch?v=FALiAAWfGVQ

They are definitely making some mistakes in their security implementation. lol lol

Obviously they quickly fixed the password hint showing the actual password in the next update, but that proved to me it was being stored somewhere in plain text.

 
Posted : 22/03/2018 6:07 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Another one was found (in a worse, in the sense of much more persistent, log)

This is actually a worse problem than the one I previously reported on.

The previous examples were found in the unified logs, which can hang around for a few weeks; this new example stores the exact same information in the system's /var/log/install.log. I have found that the install.log will only get wiped out upon major re-installation (i.e. 10.11 -> 10.12 -> 10.13), therefore these plaintext passwords will hang around for quite a bit longer than a few weeks! I had entries dating back to when I originally installed High Sierra on this system back in November of 2017!

https://www.mac4n6.com/blog/2018/3/30/omg-seriously-apfs-encrypted-plaintext-password-found-in-another-more-persistent-macos-log-file

jaclaz

 
Posted : 31/03/2018 6:36 pm
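
An added example, not part of the thread or the linked posts: a log audit that flags and redacts passphrases left in a saved copy of install.log, so the file can be reviewed or shared without re-exposing them. It assumes the exposure appears as a logged `newfs_apfs` command line with the passphrase following its `-S` option; the sample lines and the names `scrub` and `audit` are constructed for illustration.

```python
import re
import sys

# Assumption: the passphrase is the argument that follows newfs_apfs's -S
# option in a logged command line. Matching is case-sensitive on purpose,
# so a lowercase -s option is never treated as a passphrase.
_PW_ARG = re.compile(
    r"(\bnewfs_apfs\b[^\n]*?\s-S\s+)(\"[^\"]*\"|'[^']*'|\S+)"
)

def scrub(line):
    """Return (redacted_line, found); the passphrase itself is never returned."""
    redacted, count = _PW_ARG.subn(r"\g<1><REDACTED>", line)
    return redacted, count > 0

def audit(lines):
    """Return [(line_number, redacted_line)] for lines exposing a passphrase."""
    hits = []
    for number, line in enumerate(lines, 1):
        redacted, found = scrub(line.rstrip("\n"))
        if found:
            hits.append((number, redacted))
    return hits

# Constructed sample lines (not real log output).
SAMPLE_LOG = [
    "2018-03-30 10:01:12-04 host Disk Utility[512]: "
    "newfs_apfs -E -S ExamplePass123 -v SecretVol disk3s1",
    "2018-03-30 10:01:15-04 host Installer[300]: no issues found",
    "2018-03-30 10:02:40-04 host Disk Utility[512]: "
    "newfs_apfs -v PlainVol disk4s1",
    "2018-03-30 10:05:02-04 host Disk Utility[512]: "
    'newfs_apfs -E -S "two words" -v Vol2 disk5s1',
]

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample lines.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            source = handle.readlines()
    else:
        source = SAMPLE_LOG
    for number, redacted in audit(source):
        print(f"line {number}: {redacted}")
```

Any hit means the passphrase for that volume should be treated as disclosed and changed, since the log entry can outlive the volume by months.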