I'm not sure if this qualifies as a true security issue, or not... but I think I've found a condition where a wireless network password might get stored in cleartext on Mac OS X 10.4.7, in a file which is readable by any user on the system. This is a Bad Thing.
Tested this on a WPA2 Enterprise network with Mac OS X 10.4.7 and both Intel and PPC Macs.
If you join your network from the Airport menu, you have the option of adding the password for the network to your Keychain, where it will happily sit in a well-encrypted dark cool place without causing any trouble.
However, if you choose not to join the network in this fashion, there's another way: via the Network system preference pane. Select the Airport interface and the Airport tab, set the Connect pop-up to Preferred Networks, and click the + to add a network. You'll see a dialog like the one below... enter your credentials. Note the lack of a "Save password in Keychain" button.
Now, go and view the contents of /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist -- I used Property List Editor, part of Apple's Xcode developer tools suite, but any plist editor will do. Expand out the List of known networks, 0, 802.1X Configuration... and looky there, right under UserName is UserPassword. Cheeky monkey.
This file is readable by any user on this machine! Yeagh. What's worse is that in many WPA2 configurations, the RADIUS authentication is handled by an LDAP server that's also doing authentication for other critical services. Bad bad bad.
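One way to check a machine for this condition, as an added example that is not part of the original post: it walks the preference file for any non-empty UserPassword entry and reports whether the file is world-readable, without printing the password itself. The key names UserName, UserPassword, "List of known networks" and "802.1X Configuration" come from the post; the `SSID` key, the sample values and the exact nesting in the sample are constructed assumptions.

```python
import os
import plistlib
import stat
import tempfile

# Path named in the post; pass a different path to audit a copy.
AIRPORT_PLIST = "/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist"

def find_cleartext_passwords(node, path=()):
    """Recursively yield (key path, UserName) for every non-empty UserPassword."""
    if isinstance(node, dict):
        if node.get("UserPassword"):
            yield "/".join(path), node.get("UserName")
        for key, value in node.items():
            yield from find_cleartext_passwords(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_cleartext_passwords(value, path + (str(index),))

def audit(plist_path=AIRPORT_PLIST):
    """Return (world_readable, findings); the password value is never returned."""
    mode = os.stat(plist_path).st_mode
    with open(plist_path, "rb") as handle:
        data = plistlib.load(handle)
    return bool(mode & stat.S_IROTH), list(find_cleartext_passwords(data))

def constructed_sample():
    """Write a constructed plist mirroring the layout the post describes."""
    sample = {"List of known networks": [
        # Entry added via the Network prefpane: password stored in the file.
        {"SSID": "example-wpa2", "802.1X Configuration": {
            "UserName": "alice", "UserPassword": "constructed-not-real"}},
        # Entry joined via the menu with the Keychain option: no password key.
        {"SSID": "keychain-net", "802.1X Configuration": {"UserName": "bob"}},
    ]}
    handle = tempfile.NamedTemporaryFile(suffix=".plist", delete=False)
    with handle:
        plistlib.dump(sample, handle)
    os.chmod(handle.name, 0o644)  # world-readable, as reported in the post
    return handle.name

if __name__ == "__main__":
    target = AIRPORT_PLIST if os.path.exists(AIRPORT_PLIST) else constructed_sample()
    readable, findings = audit(target)
    print(f"{target}: world-readable={readable}")
    for where, user in findings:
        print(f"  cleartext UserPassword at {where} (UserName={user})")
```
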
There might be some reason to store the password in the preference file, but at the very least it should be hashed for your protection. It would also behoove the Network prefpane to WARN users "Hey, y'know, hate to be a pest, but this is going to save your password in cleartext in an obscure preference file, sure you wanna do that? Wouldn't you rather use this secure location over HERE? So much nicer... I bet you want to do that instead." :-)
Surf safe.