Mac OS X Lion Creates Serious LDAP Security Risk

Posted August 29, 2011 at 10:59pm by iClarified · 9428 views
Mac OS X Lion is reportedly creating serious security risks for businesses that use LDAP for authentication, reports TheRegister. LDAP stands for Lightweight Directory Access Protocol and LDAP servers often contain repositories of highly sensitive enterprise data.

The LDAP breakdowns in Lion aren't well understood because Apple still hasn't admitted there's any problem. But according to threads here and here, it affects Macs running Lion that use LDAP to authenticate users to different desktop machines. After the initial login, Lion users can log in with any password: Apple's latest operating system, which was released last month, blindly accepts whatever passcode it's given.

"Even though we have Open Directory running now (snark snark), we use OpenLDAP for our datacenter access and for clients," writes a MacRumors forum member. "Simply having Lion installed is a security vulnerability, as any user who can access OD settings can connect to the datacenter as any other user. It's a HUGE hole."

Strangely, Apple did not repair the issue in 10.7.1, and it's unclear whether the developer builds of Lion 10.7.2 fix it either.

"It's a pretty big deal for customers using LDAP as their authentication scheme, and it demonstrates that enterprise deployment scenarios are obviously not part of Apple's regression testing plan," Alex Stamos, a researcher at iSec Partners, told TheRegister. "Hopefully heavy coverage of these issues will lead Apple to invest security resources into improving the areas of OS X important to enterprise users, not just end consumers."