Security Flaw - Oops!
Anyone Can Hack MacOS High Sierra Just by Typing "Root" Dave
Forum Discussion
bwanshoom wrote:Very True - the current reported OS bug bypasses the fact that root is disabled. You simply have to try more than once.ljr wrote:From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
If you have a computer running macOS High Sierra, you can address this immediately by assigning a password to “root” so that unauthorized parties who might attempt to exploit the flaw won’t be able to login in without it. To do this, simply open the “Directory Utility” app and click the “Edit” dropdown menu in the toolbar. You can then click on the “Change Root Password” entry to enter a new password.
I'd have a password for root regardless of any patch.
