Apple’s Support Forums Mentioned the High Sierra Root Login Bug Two Weeks Earlier

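It’s natural to speculate how a bug like the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.13.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username “root” and a blank password is so bizarre that no one would think to try it. It is like the classic “1-2-3-4-5” scene from Spaceballs, but with the ultimate weak password: none at all.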

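More insidious, though, is the possibility that it did not escape notice before it was widely publicized yesterday, but that the people who had discovered it until now kept it to themselves.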

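In fact, this exploit was posted to Apple’s own support forums on November 13. It’s a bizarre thread. The thread started on June 8, when a user ran into a problem after installing the WWDC developer beta of High Sierra: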

I am hoping someone might know how to fix this - after updating to High Sierra, the two admin accounts on this machine are all of a sudden standard accounts. There is no admin account at all, which means I can’t seemingly fix this problem because there is no admin I can log into. Any changes to the system or software installs I try to do that require admin approval, I have no way to grant it. And no way to create a new admin user without an existing.

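The user posted a solution involving single-user mode, and the thread mostly died off. But on November 13, a user with the handle “chethan177” posted the following: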

Note: This solution might be specific to High Sierra

Try this:

Solution 1:

  • At startup, click on “Other”.
  • Enter username: root and leave the password empty. Press enter. (Try twice)
  • If you’re able to log in (hurray, you’re the admin now), then head over to System Preferences → Users & Groups and create a new Admin account.
  • Now restart and login to the new Admin Account (you may need a new Apple Id). Once you’re logged into this new Admin Id, you can again proceed to your System Preferences → Users & Groups. Open the Lock Icon with your new Admin ID/Password. Assign “Allow user to administer this computer” to your original Apple ID. Restart. [...]

Solution 2:

  • If you’re unable to login at startup using username: root and empty password, then login with your existing account (standard user).
  • Again, head over to System Preferences → Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

P.S. Solution 2 worked for me. Don’t know how or why. Hope this helps.

That is yesterday’s bug. In fact, this forum thread is where Lemi Orhan Ergin, who publicized the bug on Twitter, saw it too:

A week ago the infrastructure staff at the company I work for stumbled on the issue while trying to help one of my colleagues recover access to his local admin account. The staff noticed the issue and used the flaw to recover my colleague’s account. On Nov 23, the staff members informed Apple about it. They also searched online and saw the issue mentioned in a few places already, even in Apple Developer Forum from Nov 13. It seemed like the issue had been revealed, but Apple had not noticed yet.

Yesterday, after the issue blew up, “chethan177” was asked in the thread how he had discovered the bug. His reply:

Hi all,

Didn’t realise this was a full blown security issue. I’d messed my login credentials trying to change my apple id and voila I was no longer an admin. Then began my extensive search on all Apple related forums for a solution. Tried everything, nothing worked.

As for how I stumbled onto this, the answer is simple. Pure frustration. I’d read on one of the forums wherein a user suggested we try using “root” for username and leaving the password field empty. I did, and it failed. Out of sheer frustration, I tried again, and voila the **** thing unlocked my admin account much to my relief.

Then I posted it here assuming someone stuck just like me might find it useful. It was entirely accidental.

Which forum was that, where he found this suggestion? Alas:

Unfortunately, I don’t remember. I looked up several forums trying to look for a solution. Trying the “root” username entry method without a password was definitely mentioned somewhere. I just happened to try it twice.

So this exploit was floating around under the radar for weeks at least, but it does not seem to have caused widespread harm.