Security Breach in OS 10.3!?!?!

Kenshi

Registered
Ladies and Gents,

A while back I had problems with people getting onto my computer and screwing around with it. So I password protected it at startup. Well, our techguy was in last night, and somehow bypassed it, so that now you can not only use my password to get on it, but my boss has his own password as well.

Given that my boss is one of the most dishonest, untrustworthy people out there, he was the reason I put the password on in the first place.

How the heck do I get rid of that other password?

I've already gone into system preferences>accounts but I have found no trace of the other password, just mine. I've also looked in "security", and nothing there either!!! There is also just one account on the computer, the Admin account, but there are 2 passwords that can be used to get on the computer!

Help!!! :eek:
 
Does your boss log in with the exact same username you use, or does he have his own username ?

There is a possibility that your tech logged in under single-user mode, which is a boot option, and then used niutil to add a user for your boss. To check, you can open
/Applications/Utilities/NetInfo Manager and go through /users/ and see if there's an account with a funny name like "boss" or even your boss' name. Know, though, that there should be lots of users listed there that are used for various system functions...
 
Hey Michael,

Well, see, the boss isn't computer literate. However, I've caught him screwing around on it before, and it's made a mess of things. So there's only one log in name.

I also tried what you said and no dice. I looked at the login for my account, and it listed all of the information regarding the password and password hint. All the other "users" on there seemed to be...bogus ones? There was nothing with any real access to them.

Any other ideas?

Have you heard of one account having 2 passwords?
 
The tech probably just booted off the OS CD and reset the password. You can do the same. Boot off the CD holding the C key down. After the installer window appears, go up to the Installer Menu to Reset Password.
 
Ok, I tried using that...however, no dice.

What about logging on as a single user or something?
 
Ok, sorry, didn't see what you were actually asking.

You just want to get rid of your bosses password, right?

Open NetInfo Manager in the Utility folder.
Unlock, you'll need your master password.
Click on Users
Go to passwd
Double Click on the password for the screw up and change it.
 
Hey Bob,

Unfortunately, I don't think this can be solved in any OS application. I've tried everything, which leaves something in Unix. Some have said he's set a password in there...do you know anything about that?
 
Perhaps they're referring to the "root" password, which, unless they just guessed it, is pretty impossible to get without use of brute force methods (programs that keep trying different combinations of passwords until they get it. A good, random, long password would keep a brute force program busy for weeks or months trying and trying).

If you haven't specifically changed the root password yourself, then root uses the same password as the administrator account you set up when you first installed OS X.
 
I think it's most probably your boss being able to guess the password you've used.

While there are known Unix hacks, I don't think it applies in this case.
 
Do you have more than one account on this machine?
One for you and your boss, or just you?

You can reset the Admin password using the OS CD.

You can change your user account password in the Accounts PreferencePane.

Once you do that, your boss won't be able to get in unless he has his own account.

Explian the exact situation you're dealing with, clearly. My brain absorbes slowly :)
 
Even if a root password has been set, as an administrator you can
  1. launch /Applications/Utilities/Netinfo Manager
  2. on the Security menu select "Authenticate" and enter your admin password
  3. again on the Security menu select "Disable root account."
  4. in System Preferences > Accounts, change your login password
  5. then select "Login Options" and uncheck the box labeled "Automatically login as."
  6. open /Applications/Utilities/Keychain Access and select your keychain, it will be the one with your short name
  7. on the Keychain Access > Edit menu select "Change password for Keychain yourshortname"
  8. change the keychain password to match your new logon password. Be very very careful to use the same case sensitive password preferably with mixed letters and numbers for the account and keychain passwords.
  9. consider in System Preferences > Accounts > Security activating filevault so your individual files are encrypted too. I don't like filevault because of the problems some users have encountered but it will keep the boss out of your data pretty securely.
As long as the tech and your boss have physical access to your computer, they may be able to break your security, but these techniques will make them work hard at doing it. However, do not be surprised if you come in some morning to find your machine has been erased and you no longer have administrative privileges. Nosey managers can get nasty that way. I started taking my personal iBook to work and using it. I just made sure they did not know I was doing it.
 
Ok, here's the specifics:

I am running Mac OS 10.3 and there is only one account on the computer, which is the admin account. I had passworded it to keep everyone off of it. The other night, the tech guy was in after hours with my boss (again, my boss knows nothing of computers), and he needed to get on the G4 to install some scanner software. '

He has somehow bypassed my security, using the username G4 and the password "dave".

So now, when I boot the computer up, and log into the admin account named G4, both my password and the password dave work.

I have done everything suggested here, including changing the root password, and using the OS disks to change the admin password, to no avail. Both passwords can access and log in to the G4 admin account.

So something is bypassing the OS security right?
 
Were you the original personal who set this computer up? Also, at the login screen, do you specifically type your username, or do you select it from a list?
 
I have trouble believing that there are actually two working passwords for one admin account, but be that as it may.....

If it were me, I'd probably try this: Create a second admin user -- different name, different password -- then copy my personal data files from oldusername to newusername. Then delete the first admin user. And change the root password, and disable root. I can't imagine that this second phantom password would work for an entirely new user.

But be aware: if your tech guy has the CD, he'll always be able to boot your computer off the CD.

Filevault may help there --- but there have been problems reported with Filevault, so you should make sure you have good backups of everything that's Firevaulted.

But also be aware: If this computer belongs to your employer, they almost certainly have a right to access it, and all the data on it, any time they want. Given what you've already expressed about your boss, you shouldn't keep any personal files whatsoever on there, and nothing that could get you in trouble. If, OTOH, the computer is yours, take it home.
 
Kenshi said:
I have done everything suggested here, including changing the root password, and using the OS disks to change the admin password, to no avail. Both passwords can access and log in to the G4 admin account.

So something is bypassing the OS security right?
Like others here, I have a problem with what appears to be two passwords for one account. You said you changed the root password. More importantly did you disable the root account?
 
Eldiabloconcaca: No, our tech guy did all the installation work. But, I am the one who set up the original password for the admin account. It's the only account on the G4. At startup, I just click on the G4 icon, and type in my password.

Sonjay: I swear on my mother's life, that there are 2 working passwords for the admin account. I just verified it, by restarting twice, and trying each one.

We have the OS 10.2 (but not the upgrade to 10.3) CD's here, but the thing is our tech guy doesn't work for us. So when he comes in, it's $50/hr.

I can understand my boss wanting to have access to everything, however, in my company I run all of our digital eqiupment, and he has no reason to be on the G4. If he wants access, it's for purely egotistical reasons. The last few times he's tried to get on it, he's caused some issues in some of my software applications. I don't have any personal stuff on it, but my boss has given me the responsibility to ensure the G4 is operated and maintained properly, I can't do that without a password.

Perfessor101: Yes, I did what you said, I changed the root password, and the root account is disabled.

If I have done all of this within the OS, surely there is something bypassing it then?
 
Did you ask Apple ? This looks like a real problem: a user cannot have two passwords in unix.

Or are both users differentiated by upper/lower case ?
 
Kenshi, I think if I were you, I would invest in a call to Apple Tech Support, but I would not tell Apple Tech Support about your boss, because I used to work tech support and I guarantee that would scare them off unless they had permission from your boss to work on the problem. Just tell them someone was messing around and now you have what appears to be two working passwords for the same account.

I think all of us would be very interested to know what Apple Tech Support has to say about this.
:confused:
 
Back
Top