Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
macOS High Sierra bug allows Admin access without password
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Cr00zng" data-source="post: 1778641" data-attributes="member: 318059"><p>This bug seems really bad...</p><p></p><p>Once you assign a password to the root account, it is seemingly a workaround for this bug. But, if you follow the recommendation of disabling the root account afterward, you might be in for a surprise. </p><p></p><p>Go ahead and try changing system settings, after the password is set and the root account disabled: </p><p></p><ul> <li data-xf-list-type="ul">Type in root and no password for admin credentials in the authentication window and press enter</li> <li data-xf-list-type="ul">do the same again and voila, you have root access</li> </ul><p>At the first time, the system will enable the root account and sets the password to blank. At the second try, it'll just log you in, just like it worked initially. I've seen a lot of serious bugs before, but this one is the worst ever! </p><p></p><p>Leaving the root account enabled, not recommended by Apple, seemingly prevents this bug to resurface. The side effect is that, if you look in the logs there is a failed authorization and then it succeeds in spite of that. Awesome Apple, one of the system process relies on the root account without password. Are you !@#$ serious!!</p></blockquote><p></p>
[QUOTE="Cr00zng, post: 1778641, member: 318059"] This bug seems really bad... Once you assign a password to the root account, it is seemingly a workaround for this bug. But, if you follow the recommendation of disabling the root account afterward, you might be in for a surprise. Go ahead and try changing system settings, after the password is set and the root account disabled: [LIST] [*]Type in root and no password for admin credentials in the authentication window and press enter [*]do the same again and voila, you have root access [/LIST] At the first time, the system will enable the root account and sets the password to blank. At the second try, it'll just log you in, just like it worked initially. I've seen a lot of serious bugs before, but this one is the worst ever! Leaving the root account enabled, not recommended by Apple, seemingly prevents this bug to resurface. The side effect is that, if you look in the logs there is a failed authorization and then it succeeds in spite of that. Awesome Apple, one of the system process relies on the root account without password. Are you !@#$ serious!! [/QUOTE]
Verification
Post reply
Forums
General Discussions
Security Awareness
macOS High Sierra bug allows Admin access without password
Top