Mac OS X AppleShare Administrative access hack
Today it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users
I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.
If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.
The trick is simple. This can be done on any administrator account on the Mac OS X box. Any administrator from a Mac OS 9.2.2 box can simply open the Chooser, click on AppleShare, and select a Mac OS X box in which he or she has administrator access to. From there, type in the username of the account in which you wish to break into. Then type the password to YOUR administrator account. Any administrator can gain full access to any other administrator or user’s home directory using this method.
Although this only seemed to appear after updating to Mac OS X 10.1.4, I didn’t have the opportunity to attempt this with other versions of Mac OS X. I believe the problem exists in Mac OS X 10.1.4 and can be exploited using all versions of the legacy Mac OS supporting AppleShare over TCP/IP.