Entering the “root” identifier in the system settings allows a user to access a Mac administrator assignment. Without password.
MacOS 10.13 says “High Sierra” is the victim of a bug for the least problematic. It is possible to access the administrator account of the OS, with all the rights that follow, simply by using the identifier “root”. And without even needing to enter a password.
It is the developer Lemi Orhan Ergin who, by tweet, alerted Apple, yesterday, Tuesday, November 28th. And the entire Internet planet at the same time.
“Anyone can login in” root “mode without entering a password after clicking the login button multiple times,” the developer wrote in his message. If the attempt does not work the first time, it is validated the second time.
Apple is working on an update
In response to Apple, it indicates what to do: just go to System Preferences, click Users and Groups, and click the lock to make the change.
The maneuver creates a “super user” profile that has access to all the functions and parameters of the OS normally reserved for administrators.
According to MacWorld, the trick works perfectly. But it only works through the system parameters, not since the opening of the assignment, and only from a user name different from the one of the current assignment.
In response to our American colleagues, Appel said they are working on an update to fix this bug which can safely be called a major security breach.
And until then, invite users to assign a password to the Root account (from the explanations on this page) to avoid the risk of intrusion. Wise recommendation.