Bug allows Mac OS X Lion clients to use any LDAP password

Summary: If you have Mac OS X 'Lion' clients and use LDAP authentication, you need to read this.

Reports are circulating that Apple's latest incarnation of Mac OS X - 10.7 'Lion' - contains a serious LDAP network authentication bug.

The bug is a simple one, but at the same time a serious one - users logging in to Macs running OS X 10.7 can access restricted network resources using any password at all when LDAP is used for authentication (for example Apple's Open Directory or OpenLDAP).

At the moment it's not clear what the problem is, because Apple doesn't own up to bugs until it has a patch for them, but there's a fair bit of discussion about the problem on various forums. Some users claim that they can log into the network using any username and password, while others claim to be completely locked out when using the correct username and password. Others are seeing a problem where they need the correct password initially, but then other resources that require LDAP authentication are given automatic credentials.

Bottom line: if you use LDAP for authentication and you have clients using 10.7 'Lion', then this is a pretty big deal. If that doesn't describe your setup then you don't need to worry about this.

Despite the problem first being reported on July 25, five days after Lion was released, Apple has yet to offer users a fix. This issue was not addressed in Apple's 10.7.1 update for Lion.

Topics: Enterprise Software, Apple, Hardware

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera. Adrian has authored/co-authored technic...
