|
|
|
|
| |
| It is possible to bypass the console lock of the MacOS 9.0 operating system, by using a special sequence of buttons. The idea behind it is, that you log off the current user that locked the console, and cancel the shutdown process by selecting cancel (when prompted whether to quit the program) on one of the programs that shuts down. |
| |
Credit:
The vulnerability was reported by: Sean Sosik-Hamor
|
| |
Vulnerable systems:
Apple MacOS 9.0
Non vulnerable systems:
Earlier versions of the MacOS operating system.
MacOS 9 includes an idle-activated console lock feature, similar to a screensaver password in other operating systems. After a certain length of user inactivity, a dialog box appears, stating that a password must be entered. After the user clicks 'OK' another dialog box appears offering the option to either supply a password or to log out the current user. If the 'log out' option is chosen, any running programs will start to shut down. In certain cases, dialog boxes are created in the shutdown process (for example, "Exit without saving? OK/Cancel"). If the user selects 'Cancel', the shutdown process is aborted and the user is returned to the current session without ever having to enter a password.
|
|
|
|
|
|
|
|
|
|
