The default Mac OS X installation has the Unix 'root' accountdisabled. This is generally a good thing, because the casual user does not needall the powers granted to this 'superuser' account. But it can be useful to be able to become 'root' tofix something. I'm sure that many others share my woes, so I've compiled this comprehensive list of default router login information (usernames and passwords) for router models manufactured by a (very) long list of the most popular brands, like Linksys and Netgear - along with some of the more obscure names out there that you're bound to run into at one. If you have an administrator user account set up on your Mac in addition to the root account, you can use the Directory Utility to do the following. Go to the menu Edit Change root password.: It should prompt you to enter a new root password: Again, you have to have access to an administrator account to do this (so you can authenticate).
- Default Password For Root In Mac High Sierra
- Default Password For Root In Mac Catalina
- Default Password For Root In Mysql
Right, this isn't a good day for Apple.
As first reported on Twitter by Lemi Orhan Ergin, you can bypass just about any security dialog on Mac OSX High Sierra (10.13) by using the root user without a password.
Use the user root and click _Unlock _several times, you'll eventually bypass the dialog and be granted root privileges. You can try it if you go to the Users & Groups settings screen and click Lock at the bottom.
I'd be very curious to know the technical reasons why this was possible in the first place.
Default Password For Root In Mac High Sierra
Update: be sure to disable the root user after test
Turns out, testing this actually creates a root user without a password in the background! Make sure to disable the root user in System Preferences to prevent this from getting any worse than it already is.
For a quick workaround, set a non-default (aka: anything) password on the root user via the terminal.
Once a password has been set, it wont change to an empty value anymore.
Also applicable to Remote Management
If you've enabled Remote Management, anyone can log into your Mac using the root user with an empty password.
Woops.
Responsible disclosure?
This issue was first reported on Twitter and is now getting widespread traction. This isn't exactly a good way to disclose security issues, but I'm willing to bet the reporter perhaps didn't think it would go this far in the media?
Default Password For Root In Mac Catalina
Default Password For Root In Mac High Sierra
Update: be sure to disable the root user after test
Turns out, testing this actually creates a root user without a password in the background! Make sure to disable the root user in System Preferences to prevent this from getting any worse than it already is.
For a quick workaround, set a non-default (aka: anything) password on the root user via the terminal.
Once a password has been set, it wont change to an empty value anymore.
Also applicable to Remote Management
If you've enabled Remote Management, anyone can log into your Mac using the root user with an empty password.
Woops.
Responsible disclosure?
This issue was first reported on Twitter and is now getting widespread traction. This isn't exactly a good way to disclose security issues, but I'm willing to bet the reporter perhaps didn't think it would go this far in the media?
Default Password For Root In Mac Catalina
Default Password For Root In Mysql
There's an entire KB about reporting security issues to Apple, if someone ever feels the need to report similar security bugs.