Apple’s macOS Reveals Your Encrypted Drive’s Password in the Hint Box

[Megalith]

Apple had to issue an emergency update for macOS High Sierra this week to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature: when a user mounts an APFS volume and is asked to enter the password before being able to access the data, the user's password is displayed instead of the hint if the password hint button is pressed.

The problem becomes apparent when you create an encrypted APFS volume on a Mac with an SSD using Apple's Disk Utility app. After setting up a password hint, invoking the password hint mechanism during an attempt to remount the volume will display the actual password in plaintext rather than the hint.

 

[Nenu]

lol.
QA ftw.

 

[[21CW]killerofall]

This is a feature so you never forget your password.

 

[westrock2000]

No APFS for Fusion is the bigger oversight. Fusion is one of my favorite things. Why has no one else implemented such a simple solution?

 

[eneq]

WTH they actually STORE the passwords somewhere? That's just bad security FTW, wouldn't surprise me if they folded to some NSA request...

 

[BulletDust]

WTH they actually STORE the passwords somewhere? That's just bad security FTW, wouldn't surprise me if they folded to some NSA request...

Naturally they have to store the password 'somewhere', you just assume they know better than to store the password as plain text.

 

[Ocellaris]

Looks like a pretty solid hint, I fail to see the issue here.

 

[Spaceninja]

They were just exercising some courge with that feature!

 

[Liquid_Static]

Apple moving to a modern file system (and being the only consumer desktop/laptop vendor to do so) is great. This slip-up however is not.

 

[steakman1971]

No APFS for Fusion is the bigger oversight. Fusion is one of my favorite things. Why has no one else implemented such a simple solution?

It's supposed to be supported at a later date - but wtf Apple. I use a Fusion drive in my Mac as it gives a good trade off between storage and speed.

 

[Deleted member 93354]

Jebuz. Passwords should always be stored as a hash. That's security 101

The head of security at Equifax must have found a new job already.

 

[eneq]

Naturally they have to store the password 'somewhere', you just assume they know better than to store the password as plain text.

You never store passwords, any validations are done against derivatives of the password (such as a hash) that are not reversible.

 

[Jim Kim]

Jebuz. Passwords should always be stored as a hash. That's security 101

The head of security at Equifax must have found a new job already.

He did, now he consults for the NSA, Kaspersky and Apple.

 

[Eulogy]

You never store passwords, any validations are done against derivatives of the password (such as a hash) that are not reversible.

Yup. Store the hash... then you hash any passwords that are entered, compare that to the stored hash and look for a match. If it matches, go on through... otherwise, nope. Never, ever, under any circumstance should a password be stored directly.

 

[noko]

Wow!

 

[likeman]

more then likely what has happened is that it read the password box instead of reading the Hint box when saving the hint (can't see apple been that stupid and saving the password itself in plain text)

 

[Kdawg]

Apple.
It just works.

 

[risc]

Sucks bad but glad they patched it quickly.

We all love competition here, right?

 

[Twisted Kidney]

That's handier than a warrant.

 

[kirbyrj]

This is a feature so you never forget your password.

Courage

 

[lostin3d]

It was a hint to match the average user knowledge for Apple products.

 

[B00nie]

This is a feature so you never forget your password.

Not so long ago the default feature of windows was to ask if you wanted to reset your password after 3 tries.

 

[cyberguyz]

macOS is WAY more secure than Windows

 

[ZeqOBpf6]

Not so long ago the default feature of windows was to ask if you wanted to reset your password after 3 tries.

can you show me something talking about this?

 

[viper1152012]

Now that takes some courage.

 

[Bounty]

So does this mean they can finally decrypt this guy's HDD? https://hardforum.com/threads/man-w...ives-still-in-prison-after-two-years.1943106/ Just update MacOS to whatever broken version, then look for the password hint?

 

[likeman]

So does this mean they can finally decrypt this guy's HDD? https://hardforum.com/threads/man-w...ives-still-in-prison-after-two-years.1943106/ Just update MacOS to whatever broken version, then look for the password hint?

not likely the bug is that the bit that saves the hint is reading the password box not the hint box when saving the hint

 

[bman212121]

more then likely what has happened is that it read the password box instead of reading the Hint box when saving the hint (can't see apple been that stupid and saving the password itself in plain text)

That would be my guess as well. Someone messed up the interface and accidentally grabbed the hint from the wrong textbox.

 

[Emission]

Someone got fired today.

 

[CharonPDX]

WTH they actually STORE the passwords somewhere? That's just bad security FTW, wouldn't surprise me if they folded to some NSA request...

That would be completely surprising considering Apple's history of *NOT* giving in an inch to government requests...

 

[CharonPDX]

So does this mean they can finally decrypt this guy's HDD? https://hardforum.com/threads/man-w...ives-still-in-prison-after-two-years.1943106/ Just update MacOS to whatever broken version, then look for the password hint?

Almost certainly not - to upgrade to a newer OS on an encrypted drive, you have to first enter the password for the encrypted drive. Not to mention, as others have suggested, it is extremely likely that the security flaw is in the "store the password hint" stage, not in the actual "storing the password" stage. That it puts what you entered for the password in both the (properly encrypted) password field as well as the (not encrypted) password hint field; instead of putting what you type in the "password hint" entry in the password hint field.

I just tested - if you don't enter a hint, this flaw doesn't come up. If you enter nothing in the "Hint" box, it doesn't store anything for hint, and when you go to re-mount the drive, the "enter password" dialog box doesn't even have a "show hint" button.

Moral of the story, don't enter a hint.