From: Jacob Appelbaum (jacobappelbaum.net)
Date: Thu Feb 28 2008 - 20:28:51 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

oc photon wrote:
> n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacobappelbaum.net> wrote:
>> Moin moin Bugtraq readers,
>>
>> Bill Paul and I have discovered that LoginWindow.app doesn't clear
>> credentials after a user is authenticated.
> This has already been discovered in 2004. While the author only looks
> at swap files, it is obvious that this is the same bug.
>
> http://seclists.org/bugtraq/2004/Jun/0417.html
>
>

Thanks for the heads up. It's very possible that this is the same bug
but obviously we found it in a different context. It surely seems like
it may be the original that Apple would not discuss with us.

The bug number it was duped against was over 2 million bugs prior. Does
that sound like Apple knew about this for nearly _4_ years (!) and
didn't do anything about it?

That's seriously pathetic if it's actually that case!

Regards,
Jacob Appelbaum

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]