MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 44

Posted by BeauHD from the trivial-to-exploit dept.
An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. So, keep the account enabled and set a root password right now..."

  • So, logging as root without password works on High Sierra if there's a root account without password?

    • Re: (Score:1)

      by Anonymous Coward

      By default, there's no root account. Attempting to log in as root with no password multiple times creates a root account with no password.

    • You're missing that it works if there is a disabled root account without a password too. Many people just give their own account admin access or create an admin account that isn't named root and disable the "root" account. You'd think that would be safe. It isn't.

    • Re: (Score:2)

      by elistan ( 578864 )
      From what I can gather, the bug is that a non-admin account can create an enabled root account without a password if there exists a disabled root account, regardless of the existing root account's password. And by default, a High Sierra install's root account is disabled, I think.

    • So, logging as root without password works on High Sierra if there's a root account without password?

      Just works with whatever is the default user configuration. I never modified anything other than creating an OSX user for myself.

      What's even better is that if you have remote desktop turned on, anyone can connect and login as root.

  • Tim Cook, please leave. Give us back a decent OS. Give us back good laptops/computers. Go sell shoes back again.

    • Re: (Score:3)

      by Megol ( 3135005 )

      Yes this is obviously the fault of Tim Cook. Forcing the poor programmers to insert security holes is indeed his MO as should be obvious from this article:
      http://www.theregister.co.uk/2... [theregister.co.uk]

    • Srsly, dude? Mac OSX is pretty much the slickest thing out there. Which OS, specifically, do you want Tim Cook to give you back? System 7? System 8? Because those were so much better..?
  • is "courage" to go beyond the heteronormative system of power and privileges. Why would you require privileges in a progressist society where everybody is equal.

    USER LIVES MATTERS !

  • And no, not my SE/30 that runs NetBSD.

  • Set the root password to something long and hard to guess (32 chars of mixed-case alphanumeric should do). Do this by running as an administrator:

    sudo passwd -u root

    This should do until Apple releases a real fix.

    Source [twitter.com]

    • ...but make sure you write down that 32 character password since you won't be able to sudo without it!

      Just curious what this will break...

  • it's just really, really sad to see megabucks Apple drop the ball like this.

    Apple drops the ball constantly. Sometimes they don't pick it back up, either. They leave routinely leave known, reported bugs in versions of the OS that are still in common use (in fact, they force them to be in common use by not letting some perfectly capable machines, even high end, expensive ones, upgrade to a later OS.) Then there are major screwups like "app nap" they stab us with, and the constant churn of "feature in, featur

  • I can understand if it let you in after hitting enter once, because then it's just ignoring something. If it denies entry the first few times and then lets you in, what do the *nix gurus think is happening after the first few denials to have it change its 'mind?

  • ... does not have this problem and that's why I don't use Mac OS so the real solution is to configure systemd and get a Linux box and dance to distro duck while unixifying the baseline adoptive parameters of the dilbertized root account.

