Blank gets you root
2017-11-29 16:52:24.903985+00 by Dan Lyke 0 comments
So if you weren't aware: MacOS High Sierra has an interesting bug where if you mash "enter" a couple of times, at a login screen, it'll log you in as root. The fix is to give your machine a root password. Note that though you can't SSH into the machine as root, there are various other possible remote access mechanisms which make it vulnerable, so if you're running High Sierra give your machine a root password ASAP.
Initially I thought "Oh, someone replaced the ':x:' or ':*:' in /etc/passwd with '::'", but it turns out it's more complex than that....
Objective-See: Why <blank> Gets You Root › tracking down the cause a serious authentication flaw