Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

If “show input menu” is checked, this works on Login Window too (logs you into root user).

I guess it’s because root doesn’t have any pw by default. See below



 
The World's largest company with more cash than many countries, is too focused on their new spaceship campus than they are on basic computer science 101. I have been an Apple fan and advocate since 1984. But this is inexcusable! Stop worrying about the colors of the next watch bands and keep your eye on the ball on these basic fundamentals. What the hell are the thousands and thousands of employees doing??? I am beyond disappointed...
 
  • Like
Reactions: lysingur, nvmls and haruhiko
The first time you try it it won't work, because it has to enable the root user.

Wait for a second or two then try again. The second time should work.
 
  • Like
Reactions: the johnmc
whooleytoo said:
I was trying to reproduce this on Sierra (my current OS) to see if it also happens there.

My experience: the root account was disabled, so this bug/exploit wouldn't work. If I enabled the root account (via Directory Utility) without any password, then sure I could log in as root from the login screen without a password, but that's no saying much.

So is the issue that the root account is enabled on High Sierra by default? If someone in High Sierra opens Directory Utility, clicks the lock and enters an admin password, then checks the edit menu, is there a menu item "Enable Root User" or "Disable Root User"?
Click to expand...

Nope -- the issue, it turns out, is that it re-enables automatically. Look back #347 where you see "/// WITHDRAW ///"
 
Last edited:
  • Like
Reactions: whooleytoo
iOS 11 and High Sierra are living proof of Apple's aggressive Yearly Major Updates are too much for them to handle. I have never seen Apple's software more buggy than now. Not just the big things but all the small stuff - it is Jost broken. Since 1996 I have been updating ASAP.

I have not installed High Sierra nor iOS 11. I am tired of being exploited as a Beta Tester without Signing up.

I said Beta. I meant Alpha !
 
  • Like
Reactions: lysingur
This is unbelievably shoddy for a company like Apple. Just shows their inattention to all things Mac at the benefit of iPhone.

That's not to say OS11 isnt one of the buggiest iOS releases EVER, because it is.
 
Yep, I can confirm it did it for me. However you need to click the blue "Unlock" button a couple of times. Doesn't work 1st time.

Easy to fix. Just launch a Terminal window. Type in the first line below and hit return.
sudo passwd -u root
Password: <enter your password here>
Changing password for root.
New password: <enter a password for root user>
Retype new password: <enter same password again for root user>
 
marty11 said:
This is unbelievably shoddy for a company like Apple. Just shows their inattention to all things Mac at the benefit of iPhone.

That's not to say OS11 isnt one of the buggiest iOS releases EVER, because it is.
Click to expand...

100% this. Between issues with Messages app not showing the screen correctly or not showing me the input box at all, to where my Phone app "Recents" frequently is missing most of the current days calls, it's ridiculous.
 
Feenician said:
"If someone knows the password of a user on your system". If someone knows your password to your admin user you pretty much deserve whatever happens
Click to expand...

The user does not need to be an admin user for this to happen. I have tested this on multiple High Sierra installs, both with admin and standard users. Giving root access to a standard user is kind of a big issue. Luckily, there are only two users on High Sierra where I work - my manager and me.
 
Now I wish my work computer is a Mac.

Windows’ user management is too sophisticated that I can’t elevate myself to admin :(
 
ryanayr said:
This is worrying. Apple need to focus on Mac and stop rushing! What’s happening with Apple?
Click to expand...

Nothing, they utilize the fact that folks will install anything Apple throws at them. The sooner everyone STOPS downloading the new versions - the sooner Apple will notice that folks are tired of beta testing and buggy software.
But in this day and age in the western world, people have nothing better to do than download the latest greatest in between work and reality tv.

That said, Apple could release Major versions every month and still be more stable than Windows...
iOS and macOS are master pieces.

Personally I would just wish they would slow down and not kill a version when it starts to become good and replace it with a less good version and kill that when it gets good :D
 
  • Like
Reactions: 6803390
A lot of bugs in MacOS & iOS just now. I found and reported one in iOS 11, that doesn't happen in iOS 10.
This usually indicates a lack of focus by Apple on these areas. That the platforms are in maintenance and being looked after by the B team.
Which raises an interesting question: What are the A Team at Apple focused on right now?
 
bbfc said:
Admin account. I only have the one account. Tried this numerous times. It does not work for me.
Click to expand...
Enter your own account password and it should unlock. I have no idea what's going on now.

`su - root` will deny me authorisation with empty password as well. I am sure this has to do with individual settings. I got 3 friends to test it and it did not work for them as well.
 
wizardbj said:
/// WITHDRAW ///

Excellent answer; thank you for a thoughtful answer. But it brings up another question, as I looked at my not-yet-upgraded system, and it doesn't have a root password, and 'root' is not enabled. I've got my account as an Admin, and never set a 'root' password. But it isn't getting somehow a problem.

So on High Sierra, yes, 'root' has a blank password, but isn't the bug that the process of upgrading did an enablement. You only upgrade once, so the true bug is just that the status was changed when it shouldn't have been touched -- so setting it back to Disabled fixes it. Or is there some sort of daemon that keeps re-enabling it? If not, then how could 'root' -- blank password or not -- be a viable credential for any purpose at all (including attempting to log in or change the security locks)?

UPDATE: Tried it out -- in fact, the condition reactivates, and 'root' is re-enabled. Presumably not a daemon as the culprit, but the credential challenge routine itself does the deed as part of its work. Oh, my.
Click to expand...

The root user is enabled only when you first press enter in the credentials window. That's why it often initially plays the reject animation (the account wasn't enabled yet), but then proceeds on the second enter (account is suddenly enabled).
 
  • Like
Reactions: bernuli and the johnmc
Wow. I know I'm not adding anything to the discussion, but just feel the need to say it again: "Wow."

This is disastrous. Used to be that "the root user is disabled by default" was a held up as a real security feature. Apparently it's not only enabled, but trivial to access.

I'd love to know what the mistake was that causes this. This strikes me as a teachable moment if ever there was one.

artfossil said:
I’ll download and install the fix. Meanwhile, this bug has zero impact on my life.
Click to expand...
It has no impact until it does, and then it's basically keys to the kingdom. Usually a hacker has to be clever to get this level of access...
 
The second thing Apple should do is trace the change, figure out who did it, then prosecute them.

The fact that it's enabling root means it's not a bug, it's an intentional code insertion.
 
Analog Kid said:
Wow. I know I'm not adding anything to the discussion, but just feel the need to say it again: "Wow."

This is disastrous. Used to be that "the root user is disabled by default" was a held up as a real security feature. Apparently it's not only enabled, but trivial to access.

I'd love to know what the mistake was that causes this. This strikes me as a teachable moment if ever there was one.


It has no impact until it does, and then it's basically keys to the kingdom. Usually a hacker has to be clever to get this level of access...
Click to expand...
Only my home iMac. (Uni laptop not updated yet.). No other users. Not online until I am. And finally: I don’t store much of anything locally and my online life is an open book. I am not experiencing any anxiety.
 
Last edited:
I really have no idea how to reproduce this on my end.

I tried all sorts of possible combination suggested here and the only way I could gain access to root is using my admin's account password (the only account I have). Any other garbage text and blank password in the password field and just do not work for me at all.

Running `su - ` or `su - root` did not work either.
[doublepost=1511917889][/doublepost]
WildCowboy said:
I'd imagine a lot of people have guest accounts (they're convenient) turned on and have no idea what root is.
Click to expand...

bbfc said:
I tried again. Entered root as the username in the first dialog box, left password blank. Entered root again in the second prompt, left password blank. And it worked!! :eek:
Click to expand...

SqB said:
are you seeing this in the terminal? SSH? I've been trying a few things to try to see if the issue can be replicated on the command line, but have not had success. Seems like the GUI is the only place to replicate the issue.
Click to expand...

farawayfrome said:
on my recently repaired mbp the name 'root' is already being used by another user
Click to expand...

Can't get it to work with all the above combinations.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back