Require Password to Wake / Unlock can be disabled without password

Originator:martin.kopischke
Number:rdar://11484075 Date Originated:05/18/12
Status:Open Resolved:No
Product:Mac OS X Product Version:10.7.4
Classification:Security Reproducible:Always
 
Summary:
Even when Security settings in System Preferences are locked, the “Require Password to Wake / Unlock” is is freely settable. While arguably convenient when a matter of enabling the setting, this should not be unsettable without being prompted for a password once enabled.

Steps to Reproduce:
1. open System Preferences
2. open Security settings
3. enable “Require Password to Wake / Unlock”
4. lock Security settings

Expected Results:
Checkbox gets disabled until Security settings are unlocked.

Actual Results:
Checkbox is still enabled.

Regression:

Notes:
Access via the Security Preferences suite of System Events in AppleScript does trigger a SecurityAgent prompt, but this can be dismissed without affecting the result above.

Comments

RADAR STATUS: Closed as duplicate

… as Openradar will not allow me to reconnect to my own radars (with the exact same Google account. Effing great).

By martin.kopischke at Aug. 30, 2012, 3:10 p.m. (reply...)

Follow-up: 207192127

Hello Martin,

Thank you for filing this issue via Apple's bug reporting system. Apple takes every report of a potential security issue very seriously.

After examining your report we do not see any actual security implications. Locking a preference pane is intended to protect system-level preferences from being modified. The "Require password to wake/unlock" is a user-level preference.

If you have any questions or concerns please feel free to contact us.

Thank you, Jeffrey Czerniak Apple Product Security

By martin.kopischke at Aug. 30, 2012, 3:05 p.m. (reply...)

23-May-2012 01:33 AM Apple Developer Bug Reporting Team :

This bug has been closed as Duplicate. The issue is being tracked under the Bug ID listed below in the Related Problem section of your bug report [bug # 10958585]. To check the status of the original bug report, please visit the Related Problem section of the Problem Detail view of your closed duplicate bug.

For further information on the status of the original bug report, please update your report directly http://bugreport.apple.com and we will provide you with any available information.

By martin.kopischke at Aug. 30, 2012, 3:05 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!