[SOLVED] Mac Lion blindly accepts any LDAP password

[Archean]

Apple's latest version of Mac OS X is creating serious security risks for businesses that use it to interact with a popular form of centralized networks. People logging in to Macs running OS X 10.7, aka Lion, can access restricted resources using any password they want when the machines use a popular technology known as LDAP for authentication. Short for Lightweight Directory Access Protocol, LDAP servers frequently contain repositories of highly sensitive enterprise data, making them a goldmine to attackers trying to burrow their way in to sensitive networks. “As pen testers, one of the first things we do is attack the LDAP server,” Rob Graham, CEO of auditing firm Errata Security, said. “Once we own an LDAP server we own everything. I can walk up to any laptop (in an organization) and log into it.”

 

[Ijack]

Yet another reason to avoid Macs in an enterprise environment. But by no means the only reason. I don't think Apple are really interested in selling to businesses.

 

[Archean]

Then there is small matter that as its share will grow, so will the attacks and malware etc. IMO no OS is completely safe, nor one ever can be.

 

[roagie]

Archean,

Is this first hand knowledge, a repost, or rumor? I would like to know as this particular problem does not exist to the extent of "any" password working for the LDAP in 10.6 and earlier. What security features are enabled on the server? Kerberos etc?

If you could give me the details it would be greatly appreciated.

Edit:
Found the information at a couple spots. Thanks for the heads up Arch. Once again you are correct Ijack, but I think we had this conversation before ;P.

 

[Archean]

Best answer selected by Archean.