This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Mac OS X host logs passwords in plaintext.
Plaintext passwords were discovered in a system log file. Mac OS X
Lion release 10.7.3 enabled a debug logging feature that causes
plaintext passwords to be logged to /var/log/secure.log on systems
that use certain FileVault configurations. A local attacker in the
admin group or an attacker with physical access to the host could
exploit this to get user passwords, which could be used to gain access
to encrypted partitions.
See also :
Upgrade to Mac OS X 10.7.4 or later and securely remove log files
that contain plaintext passwords (refer to article TS4272).
Risk factor :
Low / CVSS Base Score : 1.9
CVSS Temporal Score : 1.8
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 59090 ()
Bugtraq ID: 53402
CVE ID: CVE-2012-0652
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.