macOS High Sierra 10.13.* security bulletin

Here's the breakdown: anyone can access root on your Mac running High Sierra. At this time no other distributions are affected.

Update: This has now been patched by Apple; see the specific patch notes here.

You can reproduce this security flaw by attempting to access a password-restricted area and using root as the username with a blank password. The first attempt will fail (by default the root user is disabled; this bug enables the root user with a blank password), and the second attempt will produce the auth bypass.

A 100% effective method for patching this yourself is to enable the root account with dsenableroot (this will already be active if you've replicated the bug) and set a strong password with sudo passwd. Don't disable root afterwards; wait for Apple to release a patch.

A GUI method for the above is here.
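
To check whether root has already been enabled on a machine (which, on 10.13.*, can mean the bug has been triggered there), the script below classifies the root account state from dscl output. It is an added example, not part of the original bulletin; the function names, the sample outputs and the assumed dscl output format (no AuthenticationAuthority key and a Password of "*" when root is disabled, a ShadowHash entry when enabled) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original bulletin.
# Reports whether the macOS root account is currently enabled, which on
# High Sierra 10.13.* can mean the blank-password bug has been triggered.

# Constructed sample outputs of:
#   dscl . -read /Users/root AuthenticationAuthority Password
# (assumed format: a disabled root has no AuthenticationAuthority key and
#  a Password of "*"; an enabled root carries a ShadowHash entry)
SAMPLE_DISABLED='No such key: AuthenticationAuthority
Password: *'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'

# classify_root TEXT -> prints enabled | disabled | unknown
classify_root() {
    if printf '%s\n' "$1" | grep -q ';ShadowHash;'; then
        echo enabled
    elif printf '%s\n' "$1" | grep -q '^Password: \*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# advise STATE -> prints the follow-up step taken from the bulletin
advise() {
    case "$1" in
        enabled)  echo "root is enabled: if you did not enable it, set a strong password now (sudo passwd)" ;;
        disabled) echo "root is disabled: on unpatched 10.13.*, run dsenableroot, then sudo passwd" ;;
        *)        echo "could not determine root state: inspect the dscl output by hand" ;;
    esac
}

# Only query the directory service where dscl exists (macOS).
if command -v dscl >/dev/null 2>&1; then
    out=$(dscl . -read /Users/root AuthenticationAuthority Password 2>&1 || true)
    state=$(classify_root "$out")
    echo "root account: $state"
    advise "$state"
fi
```

An "enabled" result cannot tell a blank password from a strong one, so treat an unexpected "enabled" as a prompt to set the password immediately.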