oc photon wrote:
> n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob (at) appelbaum (dot) net [email concealed]> wrote:
>> Moin moin Bugtraq readers,
>>
>> Bill Paul and I have discovered that LoginWindow.app doesn't clear
>> credentials after a user is authenticated.
> This has already been discovered in 2004. While the author only looks
> at swap files, it is obvious that this is the same bug.
>
> http://seclists.org/bugtraq/2004/Jun/0417.html
>
>
Thanks for the heads up. It's very possible that this is the same bug
but obviously we found it in a different context. It surely seems like
it may be the original that Apple would not discuss with us.
The bug number it was duped against was over 2 million bugs prior. Does
that sound like Apple knew about this for nearly _4_ years (!) and
didn't do anything about it?
That's seriously pathetic if it's actually that case!
> n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob (at) appelbaum (dot) net [email concealed]> wrote:
>> Moin moin Bugtraq readers,
>>
>> Bill Paul and I have discovered that LoginWindow.app doesn't clear
>> credentials after a user is authenticated.
> This has already been discovered in 2004. While the author only looks
> at swap files, it is obvious that this is the same bug.
>
> http://seclists.org/bugtraq/2004/Jun/0417.html
>
>
Thanks for the heads up. It's very possible that this is the same bug
but obviously we found it in a different context. It surely seems like
it may be the original that Apple would not discuss with us.
The bug number it was duped against was over 2 million bugs prior. Does
that sound like Apple knew about this for nearly _4_ years (!) and
didn't do anything about it?
That's seriously pathetic if it's actually that case!
Regards,
Jacob Appelbaum
[ reply ]