
macOS High Sierra root user vulnerability

8 replies to this topic

#1
apianti


Apparently there appears to be a vulnerability where you can authenticate as the root user with no password.

https://www.reddit.c...ty_password_on/

https://twitter.com/...578694541770752

https://news.ycombin...tem?id=15800676



#2
Maniac10


Apple always brings the best user experience; this time it's a vulnerability even a 5-year-old can exploit. :hysterical:

For now, as a countermeasure, just change the root user's password with:

passwd root


#3
David-B


Has anyone here tried it? I know they say you shouldn't, but it seems harmless as long as you set a root password.



#4
smolderas


macOS always came with a root account without a password. It was always deactivated though, and one would always activate it explicitly.



#5
wern apfel


Fixed, with a new update 10.13.1 (17B1002). No restart required.



#6
Qwels


The patch came.




#7
apianti


That was really fast, like a day. That's a good security team right there.



#8
Badruzeus


But there's another new issue after secUpd.. 



#9
smolderas


> But there's another new issue after secUpd..

Just reinitialize the KDC and you are good to go.







© 2017 InsanelyMac