
Login as root on macOS High Sierra by just leaving a blank password - CameronBanga
https://mobile.twitter.com/lemiorhan/status/935578694541770752
======
_jomo
Main thread:
[https://news.ycombinator.com/item?id=15800676](https://news.ycombinator.com/item?id=15800676)

------
gruturo
How the hell does a bug this shallow slip through QA?

Of all companies, Apple is the one banking heavily on their image of taking
care of their users' security and privacy. How do they not have a test case
for this. This kills my trust in them.

What. The. Hell.

------
_jomo
The root user is disabled on macOS by default.

Apparently trying to use it the admin prompt enables (creates?) the root user
with an empty password. It does not seem to disable the root account
afterwards, either.

Current workaround is enabling the root user [0] and change the password:

$ sudo -s passwd

0: [https://support.apple.com/en-
us/HT204012#enable](https://support.apple.com/en-us/HT204012#enable)

------
tomduncalf
I’m yet to upgrade but if this is true then it’s pretty shocking and suggests
some serious problems with how OS X releases are tested (especially after the
recent “reveal FileVault password” bug).

Hopefully they’ll up their game in response to these incidents. I’ve no
intention of moving away from OS X but things like this make it a bit harder
to recommend to people!

------
Magicstatic
Was able to reproduce on my machine. macOS High Sierra 10.13 (17A405)

This is incredible.

