MacOS 9 Console Lock Bypass Vulnerability

MacOS 9 includes an idle-activated console lock feature, similar to a screensaver password in other operating systems. After a certain length of user inactivity, a dialog box appears stating that a password must be entered. After the user clicks 'OK' another dialog box appears offering the option to either supply a password or to log out the current user. If the 'log out' option is chosen, any programs running will start to shut down. In certain programs, dialog boxes are created in the shutdown process (for example, "Exit without saving? OK/Cancel"). If the user selects 'Cancel', the shutdown process is aborted and the user is returned to the current session without ever having to enter a password.


Privacy Statement
Copyright 2010, SecurityFocus