Contribute
Register

Major 10.13.1 bug discovered - root without password

Joined
Jul 24, 2015
Messages
2,331
Motherboard
MSI H81i
CPU
i5-4570
Graphics
RX 580
After storing encryption passwords in plain text in a previous release a newly discovered issue in High Sierra means the root account is apparently enabled without a password having been set.

Read about it here: https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/

Apple:

We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section./QUOTE]
Quick fix

Code:
sudo passwd root
Enter your password for sudo, then choose a root password
Code:
sudo dsenableroot -d
No root login chooser
 
Last edited:
Joined
May 17, 2016
Messages
74
Motherboard
GA-Z170X-UD5 TH
CPU
i7 6700k
Graphics
GTX 1070
Mac
iMac, MacBook Pro
Mobile Phone
iOS
After storing encryption passwords in plain text in a previous release a newly discovered issue in High Sierra means the root account is apparently enabled without a password having been set.

Read about it here: https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/

Apple:



Quick fix

Code:
sudo passwd root
Enter your password for sudo, then choose a root password
Code:
sudo dsenableroot -d
No root login chooser

Correction: do NOT disable root with 'sudo dsenableroot -d' after setting the root password.

From the 'man dsenableroot' page:

Code:
dsenableroot sets the password for the root account if enabling the root
     user account.  Otherwise, if disable [-d] is chosen, the root account
     passwords are removed and the root user is disabled.
Basically if you disable the root user after setting a password, it will reset the password and allow the original exploit. root must remain enabled, with a custom password, until this issue is fixed with a software patch.
 
Joined
Jul 24, 2015
Messages
2,331
Motherboard
MSI H81i
CPU
i5-4570
Graphics
RX 580
Basically if you disable the root user after setting a password, it will reset the password and allow the original exploit. root must remain enabled, with a custom password, until this issue is fixed with a software patch.
Have you tried it or just read the man page?
 
Joined
Jan 26, 2014
Messages
1,381
Motherboard
Asus P5LP-LE
CPU
Core 2 Duo
Graphics
Nvidia GeForce GT 640
Mac
Mac Pro
Mobile Phone
iOS
Correction: do NOT disable root with 'sudo dsenableroot -d' after setting the root password.

From the 'man dsenableroot' page:

Code:
dsenableroot sets the password for the root account if enabling the root
     user account.  Otherwise, if disable [-d] is chosen, the root account
     passwords are removed and the root user is disabled.
Basically if you disable the root user after setting a password, it will reset the password and allow the original exploit. root must remain enabled, with a custom password, until this issue is fixed with a software patch.
@vulgo's method seems to be working but only due to bugs. actually setting a password in terminal via
Code:
sudo passed root
And the using
Code:
sudo dsenableroot -d
Is actually disabling the root user account, however if you try to do the exploit and just put in the password you set for the root user it will unlock and will seem not disabled. But if you follow the steps here to enabled the root user and and set a password, you will see it says Enable Root User after you just logged in as the root user with the password you set in terminal. Basically the disabling in terminal is also a part of this bug. As it only partially disables and leaves the password intact rather than removing the passwords. At least in build 17C83a that is. Having the password intact is the real trick here though without the password the exploit is very real and possible and we will likely see a patch in a few days for it.

Edit:
When the root user is disabled via the Directory Utility edit menu the exploit is very real and possible. This is where the real disabling and password removing(resetting)occurs and not in terminal, for some reason. The exploit actually forces the root user with no password when the root user is actually disabled.
 
Last edited:
Joined
May 28, 2016
Messages
395
Motherboard
Gigabyte Z170N-WIFI (ITX)
CPU
6700K
Graphics
Asus Strix R9 380X
Mobile Phone
iOS
My setup: 10.13.1

Admin account (me)
Guest account disabled

At login screen: Cannot switch to another account. Mine is the only available.
At Sys Pref: Cannot add 'root' user. Says There is already another user with this name.

Am I doing it wrong? I've tried pressing Add multiple times, always selecting Password (but blank).

edit: It works. I can unlock the lock using root and blank and not my own username.. and then add.
 
Joined
May 17, 2016
Messages
74
Motherboard
GA-Z170X-UD5 TH
CPU
i7 6700k
Graphics
GTX 1070
Mac
iMac, MacBook Pro
Mobile Phone
iOS
Have you tried it or just read the man page?
Yeah, I tried it because I saw someone suggesting to disable it on Reddit. When I tried to unlock the Users & Groups preference pane with 'root' it worked straight away, even though I had just changed the password and then disabled root.

The bug has been patched (and seems to automatically disable root) so it's kind of a moot point now I guess.
 
Joined
Jul 24, 2015
Messages
2,331
Motherboard
MSI H81i
CPU
i5-4570
Graphics
RX 580
The bug has been patched (and seems to automatically disable root) so it's kind of a moot point now I guess
Yes after the security update the password hash really is gone from /var/db/**/users/root.plist. Happy days.
 
Joined
Jun 18, 2013
Messages
9
Motherboard
Gigabyte Z370 Gaming 5
CPU
Intel Coffee Lake i8700K
Graphics
MSI 1070 Ti Gaming 8g
Mac
iMac
Mobile Phone
iOS
The bug is patched, does anyone else got after install fix, that nvidia drivers are incompatible (disabled), and there was update to them straight away so they worked again? Mac worked for while after that but just now again they are not compatible and no updates either.
 
Top