Keep trying, and after 3-6 attempts, the pane will suddenly unlock, and give you admin access to its controls. The first time that you do this, there will be a pause, and the dialog will shake to indicate refusal. There, enter the username root, leave the password blank, and click on the Unlock button. Then click on the padlock to bring up the authentication dialog. Open a pane in System Preferences which usually requires authentication, such as Users & Groups, or Network. This can even be performed when using a guest account!Ī simple demonstration is to enable the guest account in Users & Groups, log out, and then log back in as the guest user.
The key part of this vulnerability is that repeatedly entering the username root with an empty password into authentication dialogs can eventually result in successful authentication. This evening, Lemi Orhan Ergin has revealed a major security vulnerability in macOS 10.13.1 High Sierra, in which any local user can obtain elevated privileges without knowing any username or password. Here’s how this story developed this evening… So even if you think that physical access to your Mac is restricted, it’s quite possibly still vulnerable. Oh, and Patrick Wardle believes that this can be exploited remotely, if you have certain sharing services enabled. Quit Directory Utility, and close the Users & Groups pane. If the root user is already enabled, use the the Change Root Password… command in the Edit menu to assign the root user a good password. If the root user is not enabled yet, use the Edit menu command to enable it, and assign it a secure and robust password. In the next dialog, click on the button to Open Directory Utility, then click on its padlock and authenticate again. Click on Login Options at the lower left, and click on the Join button by Network Account Server in the lower section of the pane. Log onto your Mac as an admin user, open the Users & Groups pane, and authenticate as that admin user. If you don’t, anyone is likely to be able to gain privileged access to your Mac without knowing any usernames or passwords.
If you are running High Sierra, stop whatever you are doing and enable the root user, assigning it a secure and robust password.
0 kommentar(er)
