MacOS High Sierra Security Bug Allows Root Login Without Password, Here’s Fix

Check tutorial of MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix

So after a lot of requests from our users here is a guide about MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix.

A significant security vulnerability has been discovered with macOS High Sierra, which could potentially allow anyone to log into a Mac with full root management functions without a password.

This is an urgent security issue and although a software update should be coming soon to resolve the issue, this article describes it in detail how to protect your Mac from this vulnerability.

Important update: Apple released Security Update 2020-001 for macOS High Sierra to fix the root login bug, download it now. If you are using macOS High Sierra, download the update to your Mac as soon as possible.

What is the root login bug and why does it matter?

For a quick background, the vulnerability allows a person to enter ‘root’ as a username and then immediately log in as root on the Mac, without a password. The root login without a password can be done directly with a physical machine on the common user login screen seen at boot time, from the System Preferences panels that typically require authentication, or even via VNC and Remote Login if the latter two are remote access features are enabled. Each of these scenarios then provides full access to the macOS High Sierra machine without ever using a password.

A root user account provides the highest possible level of system access on a macOS or other Unix-based operating system, root grants all the capabilities of administrative user accounts on the machine, in addition to unrestricted access to system-level components or files.

Mac users affected by the security bug include anyone with macOS High Sierra 10.13, 10.13.1 or 10.13.2 betas who have not previously enabled the root account or changed the password of a root user account on the Mac , which is the vast majority of Mac users with High Sierra.

Sounds bad, right? It is, but there is a fairly simple solution to prevent this security bug from becoming a problem. All you need to do is set a root password on the affected Mac.

How to Prevent root login without password in macOS High Sierra

There are two ways to avoid root login without password on macOS High Sierra machine, you can use Directory Utility or command line. We’ll cover both. Directory utility may be easier for most users as it is accomplished entirely from the graphical interface on the Mac, while the command line approach is text-based and generally considered more complex.

Use directory utility to lock root

  1. Open Spotlight on the Mac by pressing Command + Space (or clicking the Spotlight icon in the top right corner of the menu bar) and type in “Directory Utility” and hit return to launch the app
  2. prevent root password less login bug

  3. Click the little lock icon in the corner and authenticate with an administrator account
  4. prevent root password less login bug

  5. Now pull down the “Edit” menu and choose “Change Root Password …” ***
  6. prevent root password less login bug

  7. Enter a password for the root user account and confirm, then click “OK”
  8. prevent root password less login bug

  9. Close the directory utility

*** If the root user account is not already enabled, choose “Enable Root User” and set a password instead.

Essentially all you do is assign a password to the root account, which means logging in with root requires a password as it should be. Amazingly, if you don’t assign a password to root this way, a macOS High Sierra machine will accept a root login without a password.

Use the command line to assign a root password

Users who prefer to use the command line in macOS can also set or assign a root password with sudo and the plain old passwd command.

  1. Open the Terminal application, found in / Applications / Utilities /
  2. Type the following syntax exactly into the terminal and hit the Return key:
  3. sudo passwd root

  4. Enter your administrator password to verify and press return
  5. At “New password”, enter a password that you will not forget, press Return and confirm it
  6. Do not stop root login with password, but in macOS High Sierra from command line

Make sure to set the root password to something you remember, or maybe even match your admin password.

How do I know if my Mac is affected by the root login bug with no password?

It seems that only macOS High Sierra machines are affected by this security flaw. The easiest way to check if your Mac is vulnerable to the root login error is to try to login as root without a password.

You can do this from the general startup login screen or from an administrator authentication panel (by clicking the lock icon) available in System Preferences such as FileVault or Users & Groups.

Just set ‘root’ as the user, don’t enter a password and click “Unlock” twice – if the bug hits you, you will be logged in as root or given root privileges. You have to click ‘unlock’ twice, the first time you click ‘unlock’ button it creates the root account with an empty password, and the second time you click “unlock”, it logs in, allowing full root access.

The macOS root login bug allows root login without a password

The bug, which is basically a 0day root exploit, was first reported to the public on Twitter by @lemiorhan and quickly gained steam and media attention because of the potential severity of the impact. Apple is apparently aware of the problem and is working on a software update to fix the problem.

Does the root login bug affect macOS Sierra, Mac OS X El Capitan or earlier?

The passwordless root login bug only appears to affect macOS High Sierra 10.13.x and does not appear to affect previous versions of macOS and Mac OS X system software.

Additionally, if you had previously enabled root from the command line or by Directory Utility, or changed the root password at some other time, the bug wouldn’t work on such a macOS High Sierra machine.

Keep in mind that Apple is aware of this issue and will release a security update to address the bug in the near future. In the meantime, do yourself a favor and set or change the root password on Macs running macOS High Sierra to protect them from unauthorized full access to the machine and all its data and contents.

MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix Guide is free?

Starting from: Free
This guide is a free model
Free Trial: May be included, please check on the official site, we mentioned above.
The MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix tutorial price is Free or Freemium. This means you can truly enjoy the MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix guide.

The MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix guide gives you an easy-to-use and efficient management and MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix allows you to focus on the most important things. It’s friendly guide to use maybe you will love it and MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix tutorial can be used on Linux, Windows or android devices.

MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix: benefits

  • The MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix tutorial is free .
  • Helps many users follow up with interest in a timely manner.
  • The price of the MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix guide is free.

MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix: FAQ

Tutorial Summary: MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix


In this guide, we told you about MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix; please read all steps so that you understand MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix in case if you need any assistance from us, then contact us.

How this tutorial helping you?


So in this guide, we discuss the MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix, which undoubtedly helps you.

What is actual time in which this method complete?


The time to complete the MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix tutorial is 10+ minutes.

What are the supported Device?


Apple

What are the supported Operating system?


mac OS



MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix Tutorial: final note

For our visitors: If you have any queries regards the MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix, then please ask us through the comment section below or directly contact us.
Education: This guide or tutorial is just for educational purposes.
Misinformation: If you want to correct any misinformation about the guide “MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix”, then kindly contact us.
Want to add an alternate method: If anyone wants to add the more methods to the guide MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix, then kindly contact us.
Our Contact: Kindly use our contact page regards any help. You may also use our social and accounts by following the Whatsapp, Facebook, and Twitter for your questions. We always love to help you. We answer your questions within 24-48 hours (Weekend off).
Channel: If you want the latest software updates and discussion about any software in your pocket, then here is our Telegram channel.

      Compsmag
      Logo