About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Security Consulting
Feedback Form

SecureMac Software


Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing

Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry Security Resources
Marketing Macintosh Security Programs

Mac OS X 10.3 Panther Screen Lock Bypass

Advisory Title: Keys Getting Past Panther Screen Lock
Release Date: 2003 October 28
Affected Product: Mac OS X 10.3 Build 7B85
Severity: Low
Impact: Security Bypass
Where: Local System
Author: CodeSamurai (

With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in the period of time in which the keys events get through; completing complicated operations at the keyboard have shown to be highly tedious in actual practice thus far.

With the screen effect active, keys pressed before the authentication window appears will be sent to the general user environment.

Tested Examples:
- An open word processing document can be typed in.
- Shortcut operations via the keyboard are executed.
- New windows can be spawned.
- New folders can be created in the Finder.
- Switching between running applications is possible.
- One can navigate through the file system and launch applications.
- Terminal was launched and binary was executed from the command line.

Although the potential risk due to malicious intent via this vulnerability is obvious, tentatively it appears that in real-world practicality, the impact will most likely be statistically small. (But a chain is only as strong as its weakest link.)

SecureMac Notes: For the first-time-user actually executing anything useful before the screen lock appears is hard. For the user who practices and knows where items are stored and can quickly move around with the keys could change information or even disable authentication and gain access to the desktop.

Outside of the advisory, another major concern is that the user types their password before the dialog box has appeared and it echos to whatever application is parent in plain text. Instant Messages is what users are reporting they have echo'd their passwords to accidently.

Could not connect!