Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jacob Appelbaum (jacobappelbaum.net)
Date: Thu Feb 28 2008 - 20:28:51 CST
oc photon wrote:
> n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacobappelbaum.net> wrote:
>> Moin moin Bugtraq readers,
>> Bill Paul and I have discovered that LoginWindow.app doesn't clear
>> credentials after a user is authenticated.
> This has already been discovered in 2004. While the author only looks
> at swap files, it is obvious that this is the same bug.
Thanks for the heads up. It's very possible that this is the same bug
but obviously we found it in a different context. It surely seems like
it may be the original that Apple would not discuss with us.
The bug number it was duped against was over 2 million bugs prior. Does
that sound like Apple knew about this for nearly _4_ years (!) and
didn't do anything about it?
That's seriously pathetic if it's actually that case!