Password security exposure with the Keychain

Apr 15, '02 09:52:32AM

Contributed by: robg

The following was submitted by an anonymous tipster:

I opened the Keychain Access utility in Mac OSX a while ago and noticed that it has a potential security flaw. In order to reveal the password for a particular entry, all a user has to do is open the Keychain Access utility, click 'Get Info" on an entry, and click on the "View Password" button, and the password is shown in clear text.

Since Mac OS X unlocks the keychain at login, anyone can find out a user's password in the span of a few minutes without having to authenticate themselves. In a shared environment, this flaw alone renders the Mac OS Keychain useless as a secure store for passwords that you might not want others to have access too.

A simple fix would be a password dialog that asks for the user's keychain password before the keychain is shown or before the password is revealed.
This problem strikes me as a Bad Thing. I realize that all bets are off with physical access to the machine, but in something like a lab environment, such access is bound to occur. A simple dialog box would at least stop the quick-look password thieves.

For now, the only solution I found was to manually lock your Keychain each time you login. Launch Keychain Access and select File -> Lock "user_name" (or just hit command-L). Once locked, you'll need a password to unlock and view the stored keys, which solves the security problem in a lab -- but you need to do this at each login.

Are there practical reasons why the Keychain is not left locked at login? I tried receiving mail and browsing the web with the locked Keychain, and had no problems.

Comments (30)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20020415095232379