This is a serious post. I am asking people to see if they can duplicate this.
I think my cat may have just discovered a major Snow Leopard security bug.
My cat has a tendancy to get up on my desk and walk around on my key board. So in order to prevent him from messing anything up I logged out of my account on snow leopard, and left the mac sitting at the logon screen.
My mac is configured to prompt for a user name and password at every login.
So my cat was standing on my keyboard while the mac was sitting on the login screen. He was just sitting on random keys for a few minutes.
So I hit ENTER (which would normally clear a bogus password). Guess what it did instead? I got a message saying "Your password is too long" and a prompt to MAKE A NEW PASSWORD letting me create a new one!
I have been able to duplicate this consistently the past 20 minutes.
Can anyone else duplicate this? To duplicate this - Configure your snow leopard install to ask for a password and user name to login. Then log out and you should have the screen with your user name and a blank password field.
HOLD DOWN any key on your keyboard. The letter "A" for example. HOLD IT DOWN FOR 3-5 MINUTES. Then press enter on the keyboard. Instead of the password field clearing its self you get a screen saying your password is too long letting you make a new password for the account!
This means anyone can create a new password and login to a Mac simply by holding down a key for a few minutes.
I am doing this on an Imac Core 2 Duo system with snow leopard. I do not have any other macs to test if this happens on OS 10.5 or earlier.
I think my cat may have just discovered a major Snow Leopard security bug.
My cat has a tendancy to get up on my desk and walk around on my key board. So in order to prevent him from messing anything up I logged out of my account on snow leopard, and left the mac sitting at the logon screen.
My mac is configured to prompt for a user name and password at every login.
So my cat was standing on my keyboard while the mac was sitting on the login screen. He was just sitting on random keys for a few minutes.
So I hit ENTER (which would normally clear a bogus password). Guess what it did instead? I got a message saying "Your password is too long" and a prompt to MAKE A NEW PASSWORD letting me create a new one!
I have been able to duplicate this consistently the past 20 minutes.
Can anyone else duplicate this? To duplicate this - Configure your snow leopard install to ask for a password and user name to login. Then log out and you should have the screen with your user name and a blank password field.
HOLD DOWN any key on your keyboard. The letter "A" for example. HOLD IT DOWN FOR 3-5 MINUTES. Then press enter on the keyboard. Instead of the password field clearing its self you get a screen saying your password is too long letting you make a new password for the account!
This means anyone can create a new password and login to a Mac simply by holding down a key for a few minutes.
I am doing this on an Imac Core 2 Duo system with snow leopard. I do not have any other macs to test if this happens on OS 10.5 or earlier.
