Flutterby™! : Blank gets you root

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Blank gets you root

2017-11-29 17:52:24.903985+01 by Dan Lyke 0 comments

So if you weren't aware: MacOS High Sierra has an interesting bug where if you mash "enter" a couple of times, at a login screen, it'll log you in as root. The fix is to give your machine a root password. Note that though you can't SSH into the machine as root, there are various other possible remote access mechanisms which make it vulnerable, so if you're running High Sierra give your machine a root password ASAP.

Initially I thought "Oh, someone replaced the ':x:' or ':*:' in /etc/passwd with '::'", but it turns out it's more complex than that....

Objective-See: Why <blank> Gets You Root › tracking down the cause a serious authentication flaw

[ related topics: Interactive Drama Weblogs California Culture Sports Macintosh Cryptography ]

comments in descending chronological order (reverse):