High Sierra vulnerability exposes the password of an encrypted APFS container (medium.com/matheusmariano)
36 points by cimnine on Oct 5, 2017 | hide | past | favorite | 10 comments



Glass half-full: "Oops! They missed this because they were busy making all the other stuff super-secure."

Glass half-empty: "Oh-my-goodness...what would Steve say? FFS. We can't trust anyone any more!"

I'm inclined to be half-full.


Glass completely empty: why is the system storing your password when the volume is not mounted so it can be revealed by the dialog?


Someone probably just mixed up the hash keys for the password field and the hint field. The hint needs to be stored unencrypted so that it can be displayed.


Agree. It's probably an issue with the form, nothing underlying. (Which means encrypted containers created via the command line should be safe from this vulnerability?)


So... it stores the password as a password hint?

One must wonder how Apple's QA process didn't catch something as egregious as that in a piece of security code.


Probably some unthinking tester was just using the same string in both fields (e.g. “test”). As a developer I’ve learned over the years not to do that. That tester should have their work attitude adjusted and their methods thoroughly reviewed.


There’s probably some easy explanation, but why is there a need for separate code to store variables for the SSD vs. HDD version? I would think this would be high-level code, abstracted far away from any hardware differences.


I believe the SSD vs HDD issue is not about the password hint codepath, but rather that APFS is only supported on SSDs right now.


It is now officially acknowledged by Apple (though they don't seem to be treating it as a bug):

https://news.ycombinator.com/item?id=15410953

https://support.apple.com/en-us/HT208168


"Creating a volume via diskutil, the hint, not the pw is shown. Looks like the root cause is Disk Utility storing the password as hint."

https://twitter.com/felix_schwarz/status/915857500330700801
