A vulnerability can be found that can access the administrator account with no password in the latest version of Mac OS "macOS High Sierra"

Apple's Mac OSmacOS High SierraA vulnerability has been discovered that anyone can log in to the Mac's administrator account without a password.

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated] - Mac Rumors
https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/

This vulnerability was discovered by software developersLemi Orhan ErginI am warning Apple about this vulnerability with my Twitter account.

Dear@ AppleSupport, we noticed a * HUGE * security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it@ AppleWhat?

- Lemi Orhan Ergin (@ lemiorhan)November 28, 2017

The vulnerability discovered by Ergin is very simple, and if you enter "root" as the user name on the screen to access the Mac administrator account, it will be accessible without entering a password Thing. You can access the administrator account in the order of "System environment setting" → "Users and groups" → click the lock icon at the bottom left of the screen.


This vulnerability is something that can only be exploited if it can not be accessed directly by Mac, but once you have access to the administrator account, you can also add a new user account to your Mac, It is a powerful vulnerability. The vulnerability discovered by Ergin seems to be present in the latest version of macOS High Sierra, 10.13.1 and macOS 10.13.2 distributed as a beta version.

As a measure against this vulnerability,Invalid root userWestChange root user's passwordIt is recommended that you do.