For those MAC users running High Sierra

Status
Not open for further replies.
nightshade00013

nightshade00013

Wizard
Joined
Apr 9, 2015
Messages
1,258
You have a major bug that allows anyone who knows about it to login as an ADMIN without a password.


https://arstechnica.com/information...ou-log-in-as-admin-with-no-password-required/
In one of Apple's biggest security blunders in years, a bug in macOS High Sierra allows untrusted users to gain unfettered administrative control without any password.

The bypass works by putting the word "root" (without the quotes) in the user name field of a login window, moving the cursor into the password field, and then hitting enter button with the password field empty. With that—after a few tries in some cases—the latest version of Apple's operating system logs the user in with root privileges. Ars reporters were able to replicate the behavior multiple times on three Macs. The flaw isn't present previous macOS versions.
Click to expand...
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
*sad tuba*
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "For those MAC users running High Sierra"

Similar threads

muffinMan
automount SMB shares on macOS High Sierra
Replies
4
Views
7K
rwillett
R
M
SOLVED Local Users Unable to Login
Replies
5
Views
14K
melonion
M
Z
  • Locked
Create additional Admin users? Password Reset option?
Replies
10
Views
15K
cyberjock
C
L
Samba / AD: ignore "DOMAIN\" for share logins
Replies
6
Views
2K
lwa
L
T
SOLVED HOWTO: FreeNAS with Open Directory in Mac OS X environments
2 3
Replies
47
Views
26K
kselltrum
K
Top