Lion security flaw makes cracking, changing passwords easier
- Tuesday, 20 September 2011 10:56
A security researcher has discovered that changes to Directory Services in Lion make it much easier to access and potentially crack hashed user passwords. Worse yet, it is possible for any user to change any currently logged-in user's password, making it much easier to gain root remotely.
According to researcher Patrick Dunstan, the Directory Services command-line utility can be run by any user. By itself, this isn't necessarily a security problem, but at least two functions make it trivial to access user password hashes or even change the current user's password without administrator authentication.













