CREATIVE PROGRAMS AND SYSTEMS


Login Vulnerability Found On macOS High Sierra

2017-11-29 16:56:17


Anyone can log in as “root” with empty password on macOS High Sierra






 

Try this:

Solution 1:

On startup, click on "Other"

Enter username: root and leave the password empty. Press enter. (Try twice)

If you're able to log in (hurray, you're the admin now), then head over to System Preferences > Users & Groups and create a new Admin account.

Now restart and log in to the new Admin Account (you may need a new Apple ID). Once you're logged into this new Admin ID, you can again proceed to your System Preferences > Users & Groups. Open the Lock Icon with your new Admin ID/Password. Assign "Allow user to administer this computer" to your original Apple ID. Restart.

Now log in with your original Apple ID. (In case you wish to remove the "Other" login option on startup, read this: https://support.apple.com/en-in/HT204012)

Solution 2:

If you're unable to log in at startup using username: root and empty password, then log in with your existing account (standard user).

Again, head over to System Preferences > Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

P.S. Solution 2 worked for me. No idea how or why. Hope this helps.

Anyone trying this out needs to be careful because you are enabling the root account without a password. You should change the root password to protect against this vulnerability until Apple resolves it. Disabling the root account will make your computer vulnerable again even if you set a password.

Original Source: https://forums.developer.apple.com/thread/79235 and https://www.reddit.com/r/apple/comments/7g6y06/anyone_can_login_as_root_with_empty_password_on/

 

 



