MacOS root Authentication Bypass Direct check over VNC Server (unauthenticated)

Critical Nessus Plugin ID 104885

Synopsis

The remote host is running a version of macOS that is affected by a root authentication bypass vulnerability.

Description

The remote host is running a version of macOS that has a root authentication bypass vulnerability. This plugin tries to exploit this vulnerability remotely over the VNC protocol. If it is successful, a root user with a blank password will be enabled. This check is only enabled if safe checks are disabled. If this plugin is successful, you will need to log in to the target box, disable the root account, and patch the underlying vulnerability.

Solution

Apply the patch from Apple or, as a workaround, enable the root account and set a strong root account password.

See Also

https://support.apple.com/en-us/HT208315

http://www.nessus.org/u?2cf4b55a

http://www.nessus.org/u?9ff9ff45

http://www.nessus.org/u?1e5890f3

http://www.nessus.org/u?f367aab4

http://www.nessus.org/u?f9f9bbc3

Plugin Details

Severity: Critical

ID: 104885

File Name: vnc_macosx_blank_root_password_exploit.nbin

Version: $Revision: 1.7 $

Type: remote

Family: Misc.

Published: 2017/11/30

Modified: 2018/05/21

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H