This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote host is running a version of macOS that is affected by a
root authentication bypass vulnerability.
The remote host is running a version of macOS that has a root
authentication bypass vulnerability. This plugin tries to exploit
this vulnerability remotely over VNC protocol. If it is successful,
a root user with blank password will be enabled. This check is only
enabled if safe checks are disabled. If this plugin is successful,
you will need to log in to the target box and disable the root account
as well as patch the underlying vulnerability.
See also :
Apply the patch from Apple, or as a workaround, enable the root account and set a strong root account password.
Risk factor :
Critical / CVSS Base Score : 10.0
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now