Twitter | Search | |
Lemi Orhan Ergin
Dear , we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it ?
Reply Retweet Like More
Lemi Orhan Ergin 28 Nov 17
Replying to @AppleSupport @Apple
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable!
Reply Retweet Like
Michael Graziano 28 Nov 17
Sometimes works the first time, sometimes takes a few tries. Something's rotten in the authentication layer!
Reply Retweet Like
Tomas 28 Nov 17
And as someone else stated, I was even able to login from main login windows using root and no password just hit enter….serious bug!
Reply Retweet Like
Levente Kurusa 28 Nov 17
Reply Retweet Like
Alessandro Prete 28 Nov 17
Just tried and I was like...
Reply Retweet Like
Fahad AlSamari 28 Nov 17
Remember “it just works” 😅
Reply Retweet Like
Kurt 28 Nov 17
same... no luck when its a non-root admin account.
Reply Retweet Like
rotophonic 28 Nov 17
Confirmed High Sierra 10.13
Reply Retweet Like
Bret Martin 🗽 28 Nov 17
confirmed here too. two tries.
Reply Retweet Like
Whitney Merrill 28 Nov 17
Probably more effective if you had used their bug bounty program for reporting. Apple Support = tech support, not security vulnerability reporting:
Reply Retweet Like
AJ DiGregorio 28 Nov 17
Replying to @wbm312 @lemiorhan and 2 others
always go directly to the company via private channels before publicly disclosing massive vulnerabilities like this.
Reply Retweet Like