FileVault shouldn't automatically enable new user accounts to unlock the disk
| Originator: | nicolas | ||
| Number: | rdar://11296818 | Date Originated: | 2012-04-22 |
| Status: | Open | Resolved: | |
| Product: | Mac OS X | Product Version: | 11D50 |
| Classification: | Security | Reproducible: | Always |
Summary: When I create a new user account, it is automatically enabled by FileVault to unlock the disk. Steps to Reproduce: 1. Enable FileVault 2. Open System Preferences 3. Open the Users & Groups panel 4. Unlock to lock 5. Click the + button 6. Fill the fields 7. Click "Create User" Expected Results: 1. An alert should be displayed that allows the user to choose whether or not the account should be able to unlock the disk. 2. The default choice should be to not enable the account. Actual Results: The new account is automatically enabled to unlock the disk. The user is unaware of the fact that this account can unlock the disk. No warning is displayed. The user cannot disable the account to unlock the disk. (see rdar://11296771).
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!