Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's not local if you have Remote Desktop enabled. Works over that too. From there you can enable ssh and all bets are off.


"It only works after getting physical access once" - quote form somewhere else in the thread


...or if you enabled root for some reason, but didn't set a password.


The 'sign in as root with no password' method cannot be used to trigger the vulnerability initially via remote desktop. I tested it via SSH, File Sharing, Screen Sharing and Remote Management. None of these will enable the root user if it has not already been done locally.

Once the root user has been enabled locally, the only sharing settings I found to permit anyone remote access with the root/null combo is Remote Management.


I don't think they meant using this vulnerability to enable a root remote connection, but using an existing non-root remote connection (think TeamViewer, VNC, whatever) and escalating.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: