/        /        /        /\
     ______/    ____/    ____/        / /
    /     /        /        /    ____/ /
   /     /____    /    ____/        / / 
  / / / /        /        /        / /
 /_/_/_/________/________/________/ /
 / . ../Macintosh  Security/.. .  /

LockOut 1.1.1 Vulnerability
Written by Epic, A Member of mSec <epic@msec.net>
Released 4/24/99

   LockOut is a simple application to help keep people from using your Mac while you're away.
When LockOut is run, the menubar and finder become hidden and you can only access the computer by entering a password. However, Lockout v1.1.1 and earlier version keep the password stored in a file in plaintext. Using a simple HexEditor anyone can open the file and view the password to gain access to the computer at a later time while lockout is running. The password along with the owner's preferences are store in a file in: Macintosh HD:System Folder:Preferences: LockOut Preferences where "Macintosh HD" is the name of the startup disk. The password starts at byte 517, byte 516 tells the application how long the current password is.

   If the owner of LockOut changes his/her password, and the new password is shorter then the old one, remains of the old password will still be present in the file. Looking at byte 516 will tell you how many characters/numbers to read into. If the password file was opened using "HexEdit", you would see something similar to this: .abd053 as the ascii value and 03 61 62 64 30 35 33 as the hex, the 03 or "." tell the application to read 3 bytes in for the current password, in this case "abd" and ignore "053" which was part of a old password

   At the present time there are no workarounds except that if you have important information on your computer and don't want family members or co-workers having access to them, don't use LockOut as your only means of protection. Hopefully in later version the author will incorporate some type of encryption scheme to increase the security LockOut provides.

Epic <epic@msec.net>