Change the Password in Mac OS X 10.7 Lion Without Knowing the Current Password
There are a few ways to reset a password in Mac OS X 10.7 but both of those methods require reboots. This approach is different, it lets you change the password of the user currently logged into Mac OS X Lion, without knowing the user password, and without a reboot:
- Launch the Terminal, located in /Applications/Utilities/
- Type ‘whoami’ at the command line to get the current users precise login name, which will look something like this:
- Type the following command, replacing ‘username’ at the end with the exact current users login name that you retrieved from whoami:
- Enter the new password once, hit return, and confirm the new password again hitting return
$ whoami
Will
dscl localhost -passwd /Search/Users/username
The password is now changed.
No authentication is required, you simply enter the new password and confirm the changed password. This is much easier than the manual reset methods and it doesn’t require a reboot or any manipulation of user data in Mac OS X.
Remember that like anything else in the command line, capitalization matters, so if the username is reported back as “Will” that would be different than “will” – be sure to use the proper caps for the password to be changed.
This tip is undeniably useful for a wide variety of situations pertaining to system administration, troubleshooting, and theft recovery, but could also post a potential security risk. Regarding the security risk, it’s realistic to assume that if someone has a computer in their possession, little is safe unless the drive itself is encrypted.
This trick was included in a broader and more mischievous tip that we’ll stay away from, nonetheless thanks to Daniel for sending this in!
Update: Additional reports and comments are suggesting this is a bug in OS X Lion, if so we could expect a Security Update to Mac OS 10.7 in the near future that would remove the ability to run dscl without administrative authentication. We’ll keep you posted.
This is a great tip but also kind of freaky that it’s so easy. Granted 99.9% of Mac users don’t know Terminal exists let alone how to use it, this just goes to show that using FileVault is an exceptionally good idea.
Would be nice to know what the “more mischievous” tip is – especially from an IT Administrator’s perspective.
It is probably this, it is sitting on their Facebook page:
http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html
For better or worse, it has been posted in the comments and on Facebook
Speechless!
That’s not a tip. It’s a bug.
Very possible, if so I agree with Anderson (other commenter) that the solution is to require administrative privileges to use dscl.
Assuming the “mischievous tip” is about cracking passwords, it’s still on your Facebook wall.
I suspect a patch will be released by Apple so that sudo is required to use dscl, it would be a simple and immediate fix to any threat posed by this.
The real security risk here is that ANY app could activate this command and change your password because it doesn’t even ask for credentials! This would be a freakishly easy trojan to install on a victims machine, Apple HAS to patch this ASAP!
Indeed!
Out of interest, as it’s a similar idea. Is there a command for Terminal that changes the user’s account name?
This is a bug, not a feature. It freaks me out.
I’m unfamiliar with the intricacies of this app, but is a simple quick stopgap fix for it:
sudo chmod go-x /usr/bin/dscl
on the command line? That’ll knock out execute permissions for anybody except root on it, effectively requiring authentication to run it.
Is it that simple to patch? Or am I missing something bad that could come from doing this?
Where is this /Search directory? As far as I know, this directory never existed in a Unix system. So, this recipe doesn’t work as expected and we have nothing here.
You’ve got to be kidding me… of course this is a bug!! Damn Lion…
Why does everyone think it’s a problem? On Windows you never needed to know current password to change to new one. Just right click on user under system manager and select Reset Password. Windows wont ask you for the current.
@M: it’s not actually a real directory but a logical path used by dsctl and of course you won’t find it on your filesystem.
I’ve just checked and the bug (since allowing to change a password without any check IS a bug) is present on 10.7.1.
Hope we’ll have this fixed soon.
@jim: yes, changing permissions could actually do the trick. But this would require at least a minimal shell knowledge and many users won’t go that forward. IMHO.
An official fix is advised.
dscl . -passwd /Users/
NB: srch dir’s redundant.
Another good reason not to use Lion as main OS!
Long live SL!
The tool itself isn’t a bug, the bug is not to require sudo
99% of the web doesn’t understand this.
@Wowzers, I can see a possible truth in your statement, yet, it is irrelevant. 99% of the web is right in this case, it needs to be fixed. Of course, since that LDAP hole is not fixed either, we might as well wait upon the convenience of the central planners.
If it is so simple to change a password I wonder what is the meaning of security on Mac?……
[...] fallo se ha descubierto en Lion. Hace años que un agujero de seguridad parecido a este dejaba a merced de cualquiera el [...]
type this command in the terminal, it fixes the problem.
sudo chmod 100 /usr/bin/dscl
[...] a Comment We recently wrote about the dscl utility and how it allows a Mac OS X Lion user to change a password without knowing the existing password. The lack of required admin authentication has since been widely reported as a bug, and a small [...]
it does not work anymore.
WOW thanks sooo much! didn’t think it would work!!
when I did tried it still asked for the old users password
Thanks it saved my time..
its not working for 10.7.2
its still askd for old passwd
is there any other way?
Yes, you can reset a password this way:
http://osxdaily.com/2011/08/24/reset-mac-os-x-10-7-lion-password/
i have tried to do this multiple times but it keeps asking for the old password which i do not have, i type in…
whoami
it comes up with user even though my username for my computer is Cody
then i tried both of the following…
dscl localhost -passwd /Search/Users/user
And…
dscl localhost -passwd /Search/Users/user
after both it asks me for the new password but i am unable to type anything into the terminal, after i press return it says, permission denied, please enter old password
thats where my problem lays, i don’t know it!
what did i do wrong?
whoops, the sentence after the And… was supposed to be…
dscl localhost -passwd /Search/Users/Cody
sorry for the mistake!