MacOS root Authentication Bypass Direct check over VNC Server (unauthenticated)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is running a version of macOS that is affected by a
root authentication bypass vulnerability.

Description :

The remote host is running a version of macOS that has a root
authentication bypass vulnerability. This plugin tries to exploit
this vulnerability remotely over VNC protocol. If it is successful,
a root user with blank password will be enabled. This check is only
enabled if safe checks are disabled. If this plugin is successful,
you will need to log in to the target box and disable the root account
as well as patch the underlying vulnerability.

See also :

https://support.apple.com/en-us/HT208315
http://www.nessus.org/u?2cf4b55a
http://www.nessus.org/u?9ff9ff45
http://www.nessus.org/u?1e5890f3
http://www.nessus.org/u?f367aab4
http://www.nessus.org/u?f9f9bbc3

Solution :

Apply the patch from Apple, or as a workaround, enable the root account and set a strong root account password.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Misc.

Nessus Plugin ID: 104885 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now