Other issues in this category (35)
Epic and revealing
Wednesday, January 17, 2018
This message can come as a shock to macOS users:
According to this tweet, root access can be acquired by anyone who goes to System Preferences → Users & Groups, opens any user account page, clicks on the padlock (places the cursor on the password-input field before clicking the unlock button), enters “root” as the login and uses an empty password. Clicking Unlock repeatedly will "convince" macOS that root privileges must be granted.
Many users confirmed that the issue did exist in their systems.
What makes matters worse, the trick also works on the system login screen.
To resolve this issue, enable the root account (don't use an empty password). The easiest way to accomplish this is to run the following command in the terminal:
sudo passwd -u root
You also need to specify a strong password (the source). you can also use the GUI to enable the root account.
Generally speaking, everybody already knows it’s essential to change default passwords right after purchasing a device.
After all, hardcoded logins and passwords, which can be used as a backdoor, are ubiquitous in router firmware, but this incident is somewhat "special".
The issue in question was described in detail as a solution to a user's problem on Apple's developer support forum. On November 13, Chethan Kamath, who signed in on the forum under the alias chethan177, wrote: On startup, click on "Other".
Enter username: root and leave the password empty. Press enter. (Try twice.)
So it turns out that Apple was aware of this issue and did nothing to fix it.#security_updates #backdoor #OS_X #vulnerability #password
The Anti-virus Times recommends
Flaws and vulnerabilities can be found in all hardware and software products; don't assume that a respected brand offers some sort of immunity from issues of this kind. Therefore, timely updates and an anti-virus (in this case, Dr.Web for macOS) are required.