Twitter | Search | |
Lemi Orhan Ergin
Dear , we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it ?
Reply Retweet Like More
Baby Boomer Kuwanger Nov 28
is this good??
Reply Retweet Like
Michael Graziano Nov 28
(Yes , this level of what-the-fuck-did-you-do stupid is Panda Facepalm worthy.)
Reply Retweet Like
Jens-Wolfhard Nov 28
Intuitive UI actually. Physical doors + locks also give up when you try hard and often enough. :P
Reply Retweet Like
Heretic Nov 28
It's worse than that:
Reply Retweet Like
Noah Solomon Nov 28
Can confirm on 10.13.2 Beta (17C79a) that's pretty bad
Reply Retweet Like
Jean-David Gadina Nov 28
Only happens if the root user is not enabled through DirectoryService, which is the default... OMFG
Reply Retweet Like
Peter Corless 🌎☮ Nov 28
I just tried it on a Mac. Logged in as "guest" then did uid/pwd "root/[blank]" you suggested. Worked after hitting return twice. Allowed me to change network settings.
Reply Retweet Like
Tomas Nov 28
Let me know how that test goes!! Always nice to know if my password protection is utterly worthless!
Reply Retweet Like
Obi-Wan Saunobi Nov 28
Multiple times? :D
Reply Retweet Like
Sam Reed Nov 28
You really should've emailed them at product-security@apple.com and disclosed/reported this responsibly...
Reply Retweet Like
Ross Derewianko Nov 28
Replying to @DJCPI @lemiorhan and 2 others
I hope they send nothing.. For not going through responsible disclosure, and instead exposing millions of systems.
Reply Retweet Like
christopher w xyz🔥 Nov 28
this will also allow you to decrypt FileVault. this is so bad.
Reply Retweet Like
Dan Frakes Nov 28
Can you log in from the login screen, or (per your screenshot) is it just authenticating admin actions? I'm assuming if you have FileVault enabled, this works only *after* unlocking the drive?
Reply Retweet Like
Apple Support Nov 28
Replying to @techepet
We'd like to look further into this with you. Please DM us any other details on this issue and we'll look closer into why this is happening with you there.
Reply Retweet Like
Becca Nov 28
I only had to enter twice.
Reply Retweet Like
Keith Makan Nov 28
Reply Retweet Like
Apple Support Nov 28
Replying to @kaimoringen
We'd like to take a closer look at what's happening. DM us with more details, including what type of Mac you're using. We'll look forward to chatting with you further.
Reply Retweet Like
technopagan ⁧✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨✨ Nov 28
Replying to @zmarffy @Themetris
also it gets non-technical folks to install updates. Emojis makes everyone more secure.
Reply Retweet Like
arkaaito Nov 28
Doesn't appear to affect Sierra - tried it several dozen times on my Sierra laptop and it just shows me the [blank] password hint.
Reply Retweet Like