Bypass Login on macOS High Sierra Without Password - Major Security Bug
A critical bug has been discovered in macOS High Sierra that lets an attacker log in as 'root' by leaving the password field blank and trying multiple times in a row.
The security bug is triggered via the authentication dialog box in Apple's operating system. The "root" account allows super-user access to your system. It's supposed to be disabled by default on macOS. For whatever reason, it's not on High Sierra. Instead, "root" is enabled and currently allows access to anyone without a password.
If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen.
Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability. We’ve included instructions on how to protect yourself in the meantime until an official fix from Apple is released.
Disabling guest user on macOS High Sierra
Step 1 | Launch System Preferences
Step 2 | Select Users & Groups
Step 3 | Select Guest User
Step 4 | Uncheck Allow guests to log in to this computer
Setting a password for 'root' fixes the problem:
Step 1 | Launch System Preferences
Step 2 | Select Users & Groups
Step 3 | Select Login Options
Step 4 | Select Join next to Network Account Server
Step 5 | Select Open Directory Utility
Step 6 | Click the lock and enter your password to make changes
Step 7 | In the menu bar of Directory Utility, select Change Root Password
Step 8 | Create a strong, unique password
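The two settings changed in the steps above can also be checked from Terminal. The script below is an added example, not part of the original article; the rules it uses to interpret dscl and defaults output are assumptions, and it only reads settings.

```shell
#!/bin/sh
# Added example: command-line audit of the root account and guest login.
# The classification rules are assumptions about what dscl and defaults print.

# Reads `dscl . -read /Users/root Password AuthenticationAuthority` on stdin.
# Assumption: a root account that was never enabled shows "Password: *" and
# no ShadowHash authority; an enabled one carries a ShadowHash entry.
# The hash is not readable here, so "enabled" cannot tell a strong password
# from a blank one.
classify_root() {
    awk '
        /ShadowHash/   { shadow = 1 }
        /DisabledUser/ { disabled = 1 }
        /^Password:/   { pw = $2 }
        END {
            if (shadow && !disabled) print "enabled"
            else if (pw == "*" || disabled) print "disabled"
            else print "unknown"
        }'
}

# Takes the value printed by
# `defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled`.
classify_guest() {
    case "$1" in
        1) echo "on" ;;
        0) echo "off" ;;
        *) echo "unknown" ;;   # key missing or unexpected value
    esac
}

audit() {
    root_state=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1 | classify_root)
    guest_raw=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)
    echo "root account: $root_state"
    echo "guest login:  $(classify_guest "$guest_raw")"
    if [ "$root_state" = "enabled" ]; then
        echo "If you did not set the root password yourself, set one now: sudo passwd root"
    fi
}

# Only query the directory service on a Mac; on other systems the two
# classify functions can still be run over saved command output.
if [ "$(uname -s)" = "Darwin" ]; then audit; fi
```

A result of "enabled" on a machine where nobody set a root password means the account was switched on some other way and should be given a strong password as in Steps 1 to 8.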