CREATIVE PROGRAMS AND SYSTEMS

PROFESSIONAL PEOPLE. PROFESSIONAL RESULTS.

810-224-5252
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County
computer tune up Brighton, Howell, Pinckney, Michigan tune up computer Livingston County

CPS NEWS STAND PROFESSIONAL NEWS. PROFESSIONAL ADVISE.

Login Vulnerability Found On MacOS High Sierra

2017-11-29 16:56:17


Anyone can login as “root” with empty password on MacOS High Sierra






 

Try this:

Solution 1:

On startup, click on "Other"

Enter username: root and leave the password empty. Press enter. (Try twice)

If you're able to log in (hurray, you're the admin now), then head over to System Preferences>Users & Groups and create a new Admin account.

Now restart and login to the new Admin Account (you may need a new Apple Id). Once you're logged into this new Admin Id, you can again proceed to your System Preferences>Users & Groups. Open the Lock Icon with your new Admin ID/Password. Assign "Allow user to administer this computer" to your original Apple ID. Restart.

Now login with your original Apple Id. (In case you wish to remove the "Other" login option on startup read this: https://support.apple.com/en-in/HT204012

Solution 2:

If you're unable to login at startup using username: root and empty password, then login with your existing account (standard user).

Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

P.S. Solution 2 worked for me. No idea how or why. Hope this helps.

Anyone trying this out needs to be careful because you are enabling the root account without a password. You should change the root password to protect against this vulnerability until Apple resolves it. Disabling the root account will make your computer vulnerable again even if you set a password.

Original Source: https://forums.developer.apple.com/thread/79235 and https://www.reddit.com/r/apple/comments/7g6y06/anyone_can_login_as_root_with_empty_password_on/

 

 




OTHER ARTICLES:

More...
News Stand icon

TESTIMONIALS

"Thank you for guiding us with our tablet programming. The staff is thrilled at how quickly they can perform their tasks now and how wonderfully responsive your team has been."

Scott Kiefer
Matrix Quality Services, Inc.