BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Mac OS X stores login/Keychain/FileVault passwords on disk Jun 25 2004 09:48AM
Matt Johnston (matt ucc asn au)
It seems that Mac OS X (10.3.4 tested) doesn't bother clearing memory
containing sensitive data, or using mlock() to avoid swapping.

A quick grep of the swapfiles will show up various morsels:

rez:~> sudo strings -8 /var/vm/swapfile0 |grep -A 4 -i longname
longname
password
<user's password here>
...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus