The attacker can easily gain access without a password
BEAM 29 Nov, 2017
A major glitch on the latest version of OS X High Sierra allows a potential intruder to gain administrator access into a user's Mac simply by inputting "root" into the username field.
This is a major problem and could be detrimental to people who leave their computers unattended in public spaces.
The bug can easily be accessed simply by opening the Preferences window and then entering one of the panels that has a lock in the lower left-hand corner.
Clicking on the 'lock' brings up a login prompt requiring you to enter your username and password to make changes to the settings.
This time, however, entering 'root' in the username field will automatically allow you to bypass the panel and log you in with administrator access even without a password.
The bug was first noticed by Lemi Orhan Ergin, founder of Software Craftsman Turkey, who published it publicly on his Twitter account.
Apple offered the following statement later today:
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.
A quick workaround to this problem can be achieved by using the Directory Utility and setting a new password for your account. Users can easily access this by searching for it via Spotlight.
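For administrators who want to check whether the root account on a Mac has already been enabled, the following is an added example, not code from this article or from Apple. It assumes that `dscl . -read /Users/root AuthenticationAuthority` prints "No such key" for a root account that has never been enabled and a `ShadowHash` entry for one that has; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Classify the root account from the text printed by:
#   dscl . -read /Users/root AuthenticationAuthority
# Assumption: a never-enabled root account has no AuthenticationAuthority
# attribute ("No such key"), while an enabled one lists a ShadowHash entry.
classify_root() {
    case "$1" in
        *"No such key"*) echo "disabled" ;;
        *ShadowHash*)    echo "enabled" ;;
        *)               echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Turn a state into the follow-up action described in Apple's statement.
advice_for() {
    case "$1" in
        enabled)  echo "root is ENABLED: confirm it has a non-blank password that you set" ;;
        disabled) echo "root is disabled: until the update is installed, set a root password" ;;
        *)        echo "could not determine the state of the root account" ;;
    esac
}

audit_root() {
    # Query the live directory on a Mac; on other systems dscl is absent.
    if command -v dscl >/dev/null 2>&1; then
        out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1 || true)
    else
        out=''
    fi
    advice_for "$(classify_root "$out")"
}

audit_root
```

An "enabled" result on a machine where nobody deliberately turned on the root user is worth investigating, since it is consistent with the login prompt having been used in the way the article describes.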