Apple just released a patch for this. Guess it is time to install this… :-)
> On 29 Nov 2017, at 16:03, John Newman <[email protected]> wrote: > > https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-login-as-root-with-no-password > > > The title pretty much says it all - you can login as root with no > password, or elevate to root privileges to make system changes with > no password, on all the current MacOS High Sierra releases. There > is a work around (I think you simply have to enable the root account, > with a password), but man.. wtf !? > > It shouldn't affect sshd - PermitRootLogin defaults to no. However > it does appear to affect VNC / Apple Remote Desktop connections. > LOL! How does something like this get past QA ? > > -- > GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
