It doesn't work for me, but I'm running Version 10.13.2 Beta (17C79a). So it looks like it is fixed in the next update.
Last edited:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
can do the same with Macs forever by just booting into single user mode
I've had the root user enabled for years, so not a concern here, but if this a "lazy backdoor" created by an Apple developer, and left in by mistake, I would be shocked! Let's hope this issue gets a proper followup and internal remedy.
You will get to user/password prompt windows open at the same time (the first will spawn the second). Punch in root, click on password field, leave it blank, then click OK. It’ll fail the first time, then work the second time.
Looking at a video on another comment it may not have done. I didn't enter root at the second prompt as it wasn't listed in the original steps. Did you do so or just cancel the second one?
I've tested High Sierra Beta 2 Update 1 (17A291m) on multiple machines now, and the bug still doesn't seem to trigger there, although it does have the new login UI.
As long as the home directory isn't encrypted. Also booting in recovery mode and terminal.
Yeah, High Sierra has been the sloppiest release of macOS/OS X I've seen in a very long time.
I don't know what the magic seems to be. I cannot get root with no password to login after a dozen tries. It does not work with Users & Groups after another dozen tries. Every time I try to use root to unlock Users & Groups, I get a dialog box saying root is trying to unlock Users & Groups, and if cancel the dialog nothing happens. This is from my account which is an admin account. Oh, however, it just occurred to me, I am running Version 10.13.2 Beta (17C79), so it looks like it's fixed in the next update.
It doesn't make this any better but there have been root escalation exploits for nearly every version of OS X. I posted one earlier in the thread for 10.4 Tiger, when it was still very much Steve's Apple.
You need to enter root/blank in the second credential window. It’ll fail the first time after a slight delay, then work the second time.
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.
To replicate, follow these steps from any kind of Mac account, admin or guest:
1. Open System Preferences
2. Choose Users & Groups
3. Click the lock to make changes
4. Type "root" in the username field
5. Move the mouse to the Password field and click there, but leave it blank
6. Click unlock, and it should allow you full access to add a new administrator account.
At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click "Other," and then enter "root" again with no password.
This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.
It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.
Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how to with a complete rundown on the steps available here.
Article Link: Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix
Amateurs!
Works first time and every time. I just change username to root and press TAB and then ENTER. unlocks flawlessly! Reminds me of the Windows XP admin no password flaw way back in the day.
It doesn't work for me after a dozen tries both in login and Users & Groups, both clicking immediately or waiting for 30 seconds or so. But see my post below.
10 years ago I started buying Apple products to avoid this kind of bugs.
Funny how things change
True things have change however we need to keep in mind Apple is innovating at a much faster pace than before. New hardware and OSes are released every year. In the past is wasn’t as frequent and I believe this allowed them to really focus on development more thoroughly.
I'm more surprised you'd still have High Sierra Developer Beta 2 installed on multiple Macs. On my 2012 rMBP those early betas were a mess, but the release builds still start to lag way more than they should with just a few apps open.
Got to be honest, I think I can safely say I've had more issues with High Sierra post-release than with any other MacOS I've used. My 5K iMac is now formatted APFS on a fast PCIe SSD, and when I open up my Dock stacks the image thumbnails load as if I were using a mechanical drive. On MacOS Sierra it was almost instantaneous. Plus the wake from sleep is definitely slower compared to MacOS Sierra. And I sometimes have to restart to get back 30 GB of space on my drive (usually just put my iMac to sleep).