[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

absurd MacOS High Sierra bug

Subject: absurd MacOS High Sierra bug
From: jnn at synfin.org (John Newman)
Date: Wed, 29 Nov 2017 10:03:29 -0500

https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-login-as-root-with-no-password


The title pretty much says it all - you can login as root with no
password, or elevate to root privileges to make system changes with
no password, on all the current MacOS High Sierra releases. There
is a work around (I think you simply have to enable the root account,
with a password), but man..  wtf !?

It shouldn't affect sshd - PermitRootLogin defaults to no. However
it does appear to affect VNC / Apple Remote Desktop connections.
LOL! How does something like this get past QA ?

-- 
GPG fingerprint: 17FD 615A D20D AFE8 B3E4  C9D2 E324 20BE D47A 78C7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20171129/121d580a/attachment.sig>

Follow-Ups:
- absurd MacOS High Sierra bug
  - From: edwardlow at riseup.net (Edward Low)
- absurd MacOS High Sierra bug
  - From: linuxmajic at gmail.com (James Bunnell)
- absurd MacOS High Sierra bug
  - From: guninski at guninski.com (Georgi Guninski)
- absurd MacOS High Sierra bug
  - From: unicorn at blackhats.org (Quux)

Prev by Date: [OMELETTE] Germany on track to minimize crime stats since immigration influx
Next by Date: absurd MacOS High Sierra bug
Previous by thread: Cryptocurrency: Speaking of $10k...
Next by thread: absurd MacOS High Sierra bug
Index(es):
- Date
- Thread