Someone verify this bug?

wzpgsr

Registered
I found out that I am able to authenticate into NetInfo Manager using any user name and password, even non-admin users. Is anyone else able to do this?
 

jcpowers21

Registered
Are the non-admin's able to change anything though? Try to login as a non-admin then try to change root's password. I'd try but i'm not in X.1 right now.
 

blb

`'
A non-admin cannot change stuff; I just tried authenticating as a non-admin, which went just fine, but as soon as I try to save a change, I see You do not have permissions to modify the directory: ...
 

jcpowers21

Registered
That is what I thought would happen, but if you are running a server with other people using it they can still view your encrypted passwd and root's encrypted password I think. So to fix this i think you just need to login as root or as an admin, get the info for the netinfo manager, and then change the permissions so that only admin's can see it...That should work...If it doesn't let me know.
 

jimr

McInstigator
so that even if you don't type any password
in a system app like netinfo mgr
you log in to the next app you start up from the recent items folder as root.

no wonder you can't delete your trash!!!

see articles at

http://www.stepwise.com/
<b>
this is an urgent security message.!!!!!!
</b>

watch for an update from Apple real soon
 
Top