Post by Neill Massello Post by David Empson
No. There is a keyboard combination to get a user/password prompt even
if you don't have the "Other" icon.
Never knew that. Could you be enticed to tell us what it is? I only use
two accounts and haven't enabled the root account since the Dark Ages
(10.1 and 10.2), so I never saw the "Other..." icon until I set a root
password an hour ago.
Post by David Empson
In any case, the login screen can't be used to _trigger_ this bug.
Logging in as root only works if you have already triggered the bug via
an authentication dialog.
Thanks for the clarification. Adam Engst made it sound as though the
whole thing could be initiated at login, even remotely.
So far I've triggered the enabling of root user with blank password at
all prompts for admin credentials (after being logged in), e.g. the one
presented by Installer, by Finder for authorising an operation in a
protected location, in Directory Utility for unlocking, etc.
I've also managed to trigger the bug remotely if Screen Sharing or
Remote Management is enabled: a VNC client can attempt to log in as
root/blank, which fails to log in, but it triggers the bug and enables
the root account, then a second attempt with root/blank works.
I was not able to trigger the bug via File Sharing (with default set of
users). That appears to have its own filtering on the account name so
root isn't allowed.
I haven't worked out a way to trigger the bug via Remote Login (SSH)
because I haven't found an SSH client which allows me to enter a blank
Anyone know of one?
Once the bug is triggered and the root user is enabled with a blank
password, you can disable it again using Directory Utility, then test
I've also seen a report (in a discussion thread on Ars Technica) that a
previously enabled root account and password WAS vulnerable to this, but
a newly enabled root account with non-blank password was not. Something
different about the DirectoryServices database entry created by an
earlier OS verison, perhaps?