Change the Password in Mac OS X 10.7 Lion Without Knowing the Current Password

Sep 19, 2011 - 46 Comments

There are a few ways to reset a password in Mac OS X 10.7, but those methods require reboots. This approach is different: it lets you change the password of the user currently logged into Mac OS X Lion without knowing the current password and without a reboot:

  • Launch the Terminal, located in /Applications/Utilities/
  • Type ‘whoami’ at the command line to get the current user’s precise login name, which will look something like this:

    $ whoami
    Will

  • Type the following command, replacing ‘username’ at the end with the exact login name of the current user that you retrieved from whoami:

    dscl localhost -passwd /Search/Users/username

  • Enter the new password once, hit return, then confirm the new password and hit return again

The password is now changed.

No authentication is required, you simply enter the new password and confirm the changed password. This is much easier than the manual reset methods and it doesn’t require a reboot or any manipulation of user data in Mac OS X.

Remember that, like anything else in the command line, capitalization matters, so if the username is reported back as “Will” that would be different than “will” – be sure to use the exact capitalization of the username whose password is being changed.

This tip is undeniably useful for a wide variety of situations pertaining to system administration, troubleshooting, and theft recovery, but it could also pose a security risk. Regarding the security risk, it’s realistic to assume that if someone has a computer in their possession, little is safe unless the drive itself is encrypted.

This trick was included in a broader and more mischievous tip that we’ll stay away from, nonetheless thanks to Daniel for sending this in!

Update: Additional reports and comments suggest this is a bug in OS X Lion. If so, we could expect a Security Update to Mac OS 10.7 in the near future that would remove the ability to run dscl without administrative authentication. We’ll keep you posted.


Posted by: William Pearson in Mac OS X, Tips & Tricks, Troubleshooting

46 Comments


  1. eras3r says:

    This is a great tip but also kind of freaky that it’s so easy. Granted 99.9% of Mac users don’t know Terminal exists let alone how to use it, this just goes to show that using FileVault is an exceptionally good idea.

  2. Ari says:

    Would be nice to know what the “more mischievous” tip is – especially from an IT Administrator’s perspective.

  3. Peter says:

    That’s not a tip. It’s a bug.

  4. Anderson says:

    Assuming the “mischievous tip” is about cracking passwords, it’s still on your Facebook wall.

    I suspect a patch will be released by Apple so that sudo is required to use dscl, it would be a simple and immediate fix to any threat posed by this.

  5. McNab says:

    The real security risk here is that ANY app could activate this command and change your password because it doesn’t even ask for credentials! This would be a freakishly easy trojan to install on a victim’s machine, Apple HAS to patch this ASAP!

  6. Will says:

    Out of interest, as it’s a similar idea. Is there a command for Terminal that changes the user’s account name?

  7. Jim T says:

    This is a bug, not a feature. It freaks me out.

    I’m unfamiliar with the intricacies of this app, but is a simple quick stopgap fix for it:

    sudo chmod go-x /usr/bin/dscl

    on the command line? That’ll knock out execute permissions for anybody except root on it, effectively requiring authentication to run it.

    Is it that simple to patch? Or am I missing something bad that could come from doing this?

  8. M says:

    Where is this /Search directory? As far as I know, this directory never existed in a Unix system. So, this recipe doesn’t work as expected and we have nothing here.

  9. Paulo says:

    You’ve got to be kidding me… of course this is a bug!! Damn Lion… :-(

    • Polk says:

      Why does everyone think it’s a problem? On Windows you never needed to know current password to change to new one. Just right click on user under system manager and select Reset Password. Windows won’t ask you for the current.

  10. maddler says:

    @M: it’s not actually a real directory but a logical path used by dscl and of course you won’t find it on your filesystem.

    I’ve just checked and the bug (since allowing to change a password without any check IS a bug) is present on 10.7.1.

    Hope we’ll have this fixed soon.

  11. maddler says:

    @jim: yes, changing permissions could actually do the trick. But this would require at least a minimal shell knowledge and many users won’t go that forward. IMHO.

    An official fix is advised.

  12. MU says:

    dscl . -passwd /Users/
    NB: srch dir’s redundant.

    Another good reason not to use Lion as main OS!
    Long live SL!

  13. Wowzers says:

    The tool itself isn’t a bug, the bug is not to require sudo

    99% of the web doesn’t understand this.

  14. chiggsy says:

    @Wowzers, I can see a possible truth in your statement, yet, it is irrelevant. 99% of the web is right in this case, it needs to be fixed. Of course, since that LDAP hole is not fixed either, we might as well wait upon the convenience of the central planners.

  15. Alberto says:

    If it is so simple to change a password I wonder what is the meaning of security on Mac?……

  16. […] bug has been discovered in Lion. Years ago a security hole similar to this one left at anyone’s mercy the […]

  17. Tjb says:

    type this command in the terminal, it fixes the problem.

    sudo chmod 100 /usr/bin/dscl

  18. […] a Comment We recently wrote about the dscl utility and how it allows a Mac OS X Lion user to change a password without knowing the existing password. The lack of required admin authentication has since been widely reported as a bug, and a small […]

  19. Y says:

    it does not work anymore.

  20. Mr. X says:

    WOW thanks sooo much! didn’t think it would work!!

  21. T says:

    When I tried it, it still asked for the old user’s password

  22. Rishi says:

    Thanks it saved my time..

  23. bagus says:

    it’s not working for 10.7.2
    it still asked for old passwd
    is there any other way?

  24. Cody says:

    I have tried to do this multiple times but it keeps asking for the old password, which I do not have. I type in…
    whoami
    it comes up with user even though my username for my computer is Cody
    then I tried both of the following…
    dscl localhost -passwd /Search/Users/user
    And…
    dscl localhost -passwd /Search/Users/user
    after both it asks me for the new password but I am unable to type anything into the terminal; after I press return it says, permission denied, please enter old password
    that’s where my problem lies, I don’t know it!
    what did I do wrong?

    • Cody says:

      whoops, the sentence after the And… was supposed to be…
      dscl localhost -passwd /Search/Users/Cody
      sorry for the mistake!

  25. Nancy says:

    Help. This did not work for me. After entering my new password, it responded with:

    Permission denied. Please enter user’s old password:

    • Paul says:

      That means you need to enter your old password or use an Admin account

      • Nancy says:

        Thank you so much for replying so quickly to my post!

        So are you saying that when I keyed in the “new password” it was my current password that I forgot? Not possible. But it doesn’t matter. I did find the following link which worked for me. Yes I did have to reboot from the Recovery HD, but it was easy. What annoys me now is that if it’s this easy to change an Admin password…what’s the point of having one …other than to have different settings, etc from other users in the house; but now I know it doesn’t protect me from anyone stealing my MAC and getting to my data.

        Thanks again …here is the link for anyone who is struggling with forgotten admin passwords.

        http://osxdaily.com/2011/08/24/reset-mac-os-x-10-7-lion-password/

  26. itsroads says:

    When I’m in the TERMINAL, I do everything right. So when it brings me to ‘New Password:’ and then it says ‘Invalid Path’. What does that mean?

    • itsroads says:

      N/M I’m stupid. Now it says, ‘Permission denied. Please enter user’s old password:’ What am I doing wrong?

  27. Mevi Hariyanti says:

    dear sirs,

    I have tried as your advice:

    Last login: Tue May 15 19:50:43 on ttys000
    Mevis-MacBook-Air:~ mevihariyanti$ whoami
    mevihariyanti
    Mevis-MacBook-Air:~ mevihariyanti$ dscl localhost -passwd /Search/Users/mevihariyanti
    New Password:

    but when I try to type new password it is freezing, So I couldn’t type anything on it.
    Please help

    • Matt says:

      You won’t see a password entered, it’s a typical security measure in unix. Enter the password and hit return and confirm it and hit return again, you will never see a password entered into the terminal.

  28. Marcus Woodard says:

    Every time I try to type the new password nothing happens, please help

  29. khryztyne16 says:

    I can’t see what I’m typing and when I enter new password it says invalid…

    • repet says:

      anytime you type a password at the command line you can’t see it, that’s how every command line password prompt works.

  30. barcelona10 says:

    Does this still work? I am getting invalid path after putting in the new password.

  31. vickie says:

    hey, I tried doing this but when it asks me for the new password it won’t allow me to type it, and I even tried copying and pasting but it won’t let me. Do you have any suggestions?

  32. maddy says:

    i’ve tried it and it didn’t work. after i input the new password, it said invalid and ” DS Error: -14009 (eDSUnknownNodeName)” what should i do?

  33. jv says:

    I got “Permission Denied. Please enter user’s old password:”

    Any advice or other ways to change or reset password. I have OS X 10.7.5. Thanks.
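
The two stopgaps proposed in the comments above (sudo chmod go-x /usr/bin/dscl and sudo chmod 100 /usr/bin/dscl) leave different permission bits on the binary. The following is an added shell example, not code from the original post or its commenters, that reports which state a file is in so the stopgap can be verified after applying it; the function name exec_exposure and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify who may execute a binary, read from its ls -l mode string.
# Default target is /usr/bin/dscl, the path given in the comments.
# Only the classic mode bits are interpreted; a trailing + or @ after the mode
# (ACLs / extended attributes on OS X) is not evaluated here.

# exec_exposure FILE -> prints one of: missing | open | no-exec | owner-only
#   open       group or other still has execute permission (stopgap not applied)
#   no-exec    execute removed for group/other, other bits remain (chmod go-x)
#   owner-only group and other have no permissions at all (e.g. chmod 100)
exec_exposure() {
    target=$1
    [ -e "$target" ] || { echo missing; return 0; }

    # First 10 characters of ls -ld: file type, then rwx triplets for
    # owner, group and other.
    mode=$(ls -ld "$target" | cut -c1-10)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)

    # In the execute slot, x means execute; s (setgid) and t (sticky)
    # in lowercase also imply the execute bit is set.
    case "$group$other" in
        ??[xs]???|?????[xt]) echo open; return 0 ;;
    esac

    if [ "$group$other" = "------" ]; then
        echo owner-only
    else
        echo no-exec
    fi
}

# Report on the file named as the first argument, or on dscl by default.
path=${1:-/usr/bin/dscl}
printf '%s: %s\n' "$path" "$(exec_exposure "$path")"
```

A result of open on /usr/bin/dscl means any local user can still run the tool; both no-exec and owner-only mean only the file's owner can execute it from that path.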
