Lemi Orhan Ergin
Dear , we noticed a *HUGE* security issue in macOS High Sierra. Anyone can log in as "root" with an empty password after clicking on the login button several times. Are you aware of it?
Michael Graziano Nov 28
Sometimes works the first time, sometimes takes a few tries. Something's rotten in the authentication layer!
TallDarknWeirdo [darkmöde] Nov 28
huh. Can't reproduce on 10.12.6
Tomas Nov 28
And as someone else stated, I was even able to log in from the main login windows using root and no password, just hit enter… serious bug!
Whitney Merrill Nov 28
Probably more effective if you had used their bug bounty program for reporting. Apple Support = tech support, not security vulnerability reporting:
Zeke Marffy Nov 28
They’re not the ones who “add” emojis. So many people don’t understand this…
Michael Linde Nov 28
Um, not on High Sierra machines at my work - are you sure that isn’t someone’s management setup (as bad as that is)?
The Register Nov 28
Replying to @mlinde @lemiorhan and 3 others
It works for us. This is not gr8.
Tim Gostony Nov 28
Replying to @mlinde @lemiorhan and 3 others
sadly just reproduced it on a mostly clean install
Thomas Fuchs 🕹📺 Nov 28
Clone Gunman Nov 28
Reset your SMC.
Brian “the influencer” Hoffman Nov 28
wow this is so bad...
Bloonface Nov 28
Literally just tried it here too. Got straight in, first try.
Michael Linde Nov 28
We are installing a new vanilla 10.13 VM right now to test unmanaged setup. (Stay tuned if you want)
Kai Nov 28
I can confirm the behavior on my machine running 10.13.1. Absolutely unbelievable!
Tim Gostony Nov 28
Reproduced on mine, an "Enter your password" prompt
Michael Graziano Nov 28
Is FEATURE: Forget your password? Just log in as root!
Matty ● マティー Nov 28
Just checked, works, on first try. This is not good.
Earle Ady Nov 28
You can log in this way as well. It's 2017. Intentional backdoor.
Zeke Marffy Nov 28
Replying to @Themetris
I guess that’s true. But leaving out support for new existing characters would be pretty bad, even if admittedly not as bad as a security issue.