Not sure if that's sarcastic or serious. Whatever the case, it's poor beyond imagination.....
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not sure if that's sarcastic or serious. Whatever the case, it's poor beyond imagination.....
So, it's the first time that 'Display login window as : List of users' is way better than to ask for both User-'Name and password' since this will avoid the password-less root access?
Means one is still save with this setting once a login is needed, even if your machine is stolen (of course, only applies if encrypted).
Or is there a way to invoke the 'Name and password' dialog on the login window?
Shift-Option-Enter to get name and password up.
Although by entering root as described in the article automatically enables root and shows it.
EDIT: It's a real howler! If you open Directory Utility and disable root, it enables it again automatically! Must have originally been some background process for testing
Making superfluous comments on a tech site won't make your Post a reality. Cook is here to stay.
It would be if the 'trick' works in the Guest account environment when it's enabled. And most users do not disable the Guest account feature... So it's quite the breach.
Hackers broke Face ID a week after iPhone X release. With a cheap silicone mask.
https://www.wired.com/story/hackers-say-broke-face-id-security/
This part is confusing; what “feature” is being enabled in System Preferences? There also seem to be conflicting reports about whether it is possible to use the hack at the locked login screen without first “enabling” it as described above. Can this be clarified?
This is probably the worst security "bug" in an OS ever.
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.
To replicate, follow these steps from any kind of Mac account, admin or guest:
1. Open System Preferences
2. Choose Users & Groups
3. Click the lock to make changes
4. Type "root" in the username field
5. Move the mouse to the Password field and click there, but leave it blank
6. Click unlock, and it should allow you full access to add a new administrator account.
At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click "Other," and then enter "root" again with no password.
This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.
It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.
Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how to with a complete rundown on the steps available here.
Update: An Apple spokesperson told MacRumors that a fix is in the works:
Article Link: Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
or get the simple path:
1. Open terminal
2. Type `sudo -s`
3. Type `passwd`
3. Type your new password twice
At least we know Apple is concentrating on features that really appeal to Pro users
Emojis and Siri
Emojis and Siri
That doesn’t work during a cold boot, i.e. after the computer has been shutdown. It does work if the screen is locked or you logged out of an account though.
So another way to stop the bug is to have FileVault on, only one user and to disable guest users on the computer, then make sure to shutdown after using the computer.
uh yeah, my post was a joke. Except for the sensitive cat pics part, that was for realz.
Right. It's Apple - I forgot. If it was Samsung or Microsoft, it would be a whole different song, no? Face ID has issues, MacOS has issues. The issues need to be fixed. Simple and complex as that. At least Apple has sole authority on the hardware.
Haha, this is getting so bad with the Mac ecosystem that it's not even funny anymore.
Well, yes, that's a big part of the reason why FileVault (and/or the facility to set a firmware password) is there. I'm not sure what your point is.
This bug allows you to gain root privilege on a running system, so it sounds like it could defeat FileVault, and certainly firmware passwords.
Its true that this is not going to be a major risk for the typical one-man-band user who doesn't bother with firmware passwords or encryption, but, what's really worrying is the level of sloppiness here (in this day and age, all authentication processes should have the living hell tested out of them by security specialists - you'd think Apple was still running out of Steve's garage) and not knowing what the fundamental underlying flaw is (are there other places where you can log in as root with a blank password...? remotely maybe?)
After toying with the root "null password" I was confronted with the pesky "Other Users" saddled on my login screen, where there is none (I am solo user).
To remove "Other Users" I used the Terminal command:
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
And. presto, peskiness removed.
To remove "Other Users" I used the Terminal command:
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
And. presto, peskiness removed.
Backdoor wasn't closed before the software was pushed to the public. Extremely sloppy work by Apple software engineering. Time for Craig (Federighi) to follow Scott Forstall. And a few senior software managers as well since we've also had reports of bugs being pushed in the GM despite documented instances of the exact problems already having been identified by beta testers as well as the public beta testers. This Apple crowd is overboard arrogant...'if we didn't find a problem in house, it doesn't exist.'
This is really really bad. [sarcasm]But hey who cares, as long as we're getting new cool emoji with the next update...[/sarcasm]
come on Apple, get your act together.
come on Apple, get your act together.
Steve Jobs used to shake up his management team all the time. Tim Cook has just grown his management team, without kicking anyone out. Apple's getting sloppier and sloppier by the year. It's time for a management refresh (including TC himself IMO).
Replicated this on macOS 10.13.1
I followed the instructions and set a root password.
But now I have created some sort of group, anyone have any idea why this has occured?
[doublepost=1511951186][/doublepost]btw this is a big deal. millions of macs are now vulnerable and most people aren't even aware of it.
I followed the instructions and set a root password.
But now I have created some sort of group, anyone have any idea why this has occured?
[doublepost=1511951186][/doublepost]btw this is a big deal. millions of macs are now vulnerable and most people aren't even aware of it.
It's a matter of minutes that botnets are going to search ssh open Mac's from the Interweb... and it will be like the loveletter on Windows long time ago... hundreds of thousands of computers will be infected.
Last edited:
It absolutely works!!!
The first time I tried, username "root", then I clicked the password field and left if blank, but it did not work. The second time though I typed some text in the password field then backspaced so it remained blank, and viola! I was able to unlock it!
Serious oversight!!! Crazy. And equally highly interesting something so simple can be achieved like this. I wonder what the significance of "root" username with a blank field is.
The first time I tried, username "root", then I clicked the password field and left if blank, but it did not work. The second time though I typed some text in the password field then backspaced so it remained blank, and viola! I was able to unlock it!
Serious oversight!!! Crazy. And equally highly interesting something so simple can be achieved like this. I wonder what the significance of "root" username with a blank field is.