High Sierra bug

If other people have access to your computer you might like to take notice of this:

In reference to www.engadget.com/2017/11/28/macos-high-sierra-bug-full-admin-access...:

macOS High Sierra bug allows full admin access without a password

"Think different."

"Think."

Caveat emptor?

Whilst not excusing Apple on this, I wonder how new the bug is.

I can remember at least some forms of Unix having this "feature" back in the days of thick Ethernet

It's nothing to do with the design of the OS, just a poor default configuration in the delivered product. Any OS could potentially have this bug (and I'm pretty sure that some Linux distributions do).

But it is quite a glaring oversight to ship a system with a blank, or default, root password.

In reply to a post by TinyMongomery:

It's nothing to do with the design of the OS, just a poor default configuration in the delivered product

Not sure I'd agree there- the login code should be in a loop which can only be broken out of by entering valid details.

On the Unix systems I remember it was simply the same code repeated three times- after that you just "dropped through" to the rest of the startup routine.

These days that would be very poor design, but in those days computer software was written by geeks for geeks, who were assumed to be trustworthy. The idea of computers all over the world being accessed by some spotty 14-yr old with a tablet in his bedroom wasn't even conceivable

But it is quite a glaring oversight to ship a system with a blank, or default, root password.

Yes. It should be a requirement during installation to set a root password.

Username "root" with password "" is a perfectly valid input.

In reply to a post by TinyMongomery:

Username "root" with password "" is a perfectly valid input.

Matter of opinion. I don't consider null entries to be valid in either field.

Yes, but that then should only require Enter to be pressed once. The report says enter has to be pressed several times so there is something else going on, not just the missing password - looking at a video it rejects it first time but allows it on the second attempt, that is odd behaviour.