macOS High Sierra login flaw - root

bbigford

Flaw in the login screen with the latest release. Simply typing in 'root' allows the user to login without entering a password. https://www.cnet.com/news/apple-flaw-allows-macos-high-sierra-logins-without-passwords/

Kelly

@bbigford said in Apple login flaw - root:

Flaw in the login screen with the latest release. Simply typing in 'root' allows the user to login without entering a password. https://www.cnet.com/news/apple-flaw-allows-macos-high-sierra-logins-without-passwords/

Best part is, if the machine is logged in, this will bypass filevault.

DustinB3403

@kelly said in macOS High Sierra login flaw - root:

@bbigford said in Apple login flaw - root:

Flaw in the login screen with the latest release. Simply typing in 'root' allows the user to login without entering a password. https://www.cnet.com/news/apple-flaw-allows-macos-high-sierra-logins-without-passwords/

Best part is, if the machine is logged in, this will bypass filevault.

Well of course, you're root at that point and get do do whatever you want.

rm -rf *.*

Kelly

@dustinb3403 said in macOS High Sierra login flaw - root:

@kelly said in macOS High Sierra login flaw - root:

@bbigford said in Apple login flaw - root:

Flaw in the login screen with the latest release. Simply typing in 'root' allows the user to login without entering a password. https://www.cnet.com/news/apple-flaw-allows-macos-high-sierra-logins-without-passwords/

Best part is, if the machine is logged in, this will bypass filevault.

Well of course, you're root at that point and get do do whatever you want.

rm -rf *.*

If the computer is off, and then powered on the flaw cannot bypass filevault since the "disabled" root account doesn't have its own key to decrypt.

nadnerB

Obligatory: Macs don't get viruses
Obviously there's no need for a virus, when the front door doesn't lock

dbeato

Lemi Orhan let them know here:
https://twitter.com/lemiorhan/status/935578694541770752
Same here:
https://twitter.com/lemiorhan/status/935581020774117381

Workaround is here:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/block_root_account_login

dbeato

Applied it on all the Macs we had at the office.

caramel

Today is a day of fail.

s.hackleman

The quick fix is sudo pwd to change the root password to something non-blank. I assume apple with have a fix out quick.

WLS-ITGuy

Why is root enabled by default?

RojoLoco

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

WLS-ITGuy

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

Kris_K

Check the app store for new updates. There's an update available to fix this one.

RojoLoco

This post is deleted!

s.hackleman

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

For as logical and well mannered as people here are, it is frustrating to even visit Mango and try to have a conversation as an Apple user.

s.hackleman

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

It isn't the bug is doing a PW check against the disabled account, or is enabling this disabling the account for the check.

RojoLoco

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

seriously.... fuck crapple in their self righteous ass....

For as logical and well mannered as people, it is frustrating to even visit Mango and try to have a conversation as an Apple user.

Logical and well mannered apple users are the tiny minority.

s.hackleman

@rojoloco said in macOS High Sierra login flaw - root:

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

seriously.... fuck crapple in their self righteous ass....

For as logical and well mannered as people, it is frustrating to even visit Mango and try to have a conversation as an Apple user.

Logical and well mannered apple users are the tiny minority.

As are educated and logical places on the internet to have conversations about technology... so let's keep this one.

RojoLoco

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

seriously.... fuck crapple in their self righteous ass....

For as logical and well mannered as people, it is frustrating to even visit Mango and try to have a conversation as an Apple user.

Logical and well mannered apple users are the tiny minority.

As are educated and logical places on the internet to have conversations about technology... so let's keep this one.

Educated and logical places on the internet are more prevalent than non-shitty apple users, soooo.........

WLS-ITGuy

@rojoloco said in macOS High Sierra login flaw - root:

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@s-hackleman said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

@rojoloco said in macOS High Sierra login flaw - root:

@wls-itguy said in macOS High Sierra login flaw - root:

Why is root enabled by default?

Because apple sucks ass?

OK. Because that was the answer I was looking for :SMH

seriously.... fuck crapple in their self righteous ass....

For as logical and well mannered as people, it is frustrating to even visit Mango and try to have a conversation as an Apple user.

Logical and well mannered apple users are the tiny minority.

As are educated and logical places on the internet to have conversations about technology... so let's keep this one.

Educated and logical places on the internet are more prevalent than non-shitty apple users, soooo.........

That could mean that both this place and non-shitty apple users are equally rare. Why you gotta be a douche-canoe?