Mac security specialist Patrick Wardle digs into the root cause (pun intended) behind why a blank password gave you root permissions:
* For accounts that are disabled (i.e. don't have 'shadowhash' data) macOS will attempt to perform an upgrade
* During this upgrade, `od_verify_crypt_password` returns a non-zero value, and an error code which is not checked
* The user (or attacker) specified password is then 'upgraded' and saved for the account

It appears that `od_verify_crypt_password` should fail (update: it does and Apple just didn't check for this!).
It might be an oversimplification, but what I gather from the post is that proper handling of the function's return value (error code) could have prevented this, in hindsight.
Now I'm pondering all those times we ignore the error codes returned by the OS for file I/O operations and whatnot.
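To make the unchecked-return-value pattern concrete, here is an added example (not code from the post, and not Apple's code). It models the flow the summary describes with a hypothetical stand-in `verify_crypt_password_sim`, which, like the real function as described above, reports failure both through a non-zero return value and through an out-parameter error code. The "shadowhash" is modelled as a plain string and a disabled account as a NULL shadowhash; these are constructed simplifications, not how macOS stores credentials. The vulnerable flow discards both signals and upgrades the password anyway; the hardened flow checks both and fails closed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed error codes for the hypothetical verifier. */
#define ERR_NONE          0
#define ERR_NO_SHADOWHASH 1
#define ERR_BAD_PASSWORD  2

struct account {
    const char *name;
    const char *shadowhash;        /* NULL models a disabled account (no shadowhash data) */
    char upgraded_password[64];    /* what the "upgrade" step stores */
    bool password_set;
};

/* Hypothetical stand-in for od_verify_crypt_password (assumption, not Apple's API).
 * Returns 0 only when verification succeeds; otherwise returns non-zero AND sets *err. */
static int verify_crypt_password_sim(const struct account *acct,
                                     const char *password, int *err)
{
    if (acct->shadowhash == NULL) {
        *err = ERR_NO_SHADOWHASH;  /* disabled account: nothing to verify against */
        return -1;
    }
    if (strcmp(acct->shadowhash, password) != 0) {
        *err = ERR_BAD_PASSWORD;
        return -1;
    }
    *err = ERR_NONE;
    return 0;
}

/* Simplified "upgrade" step: persists the supplied password as the account's credential.
 * Reaching this step with an unverified password is the defect the post describes. */
static void upgrade_password_sim(struct account *acct, const char *password)
{
    strncpy(acct->upgraded_password, password, sizeof acct->upgraded_password - 1);
    acct->upgraded_password[sizeof acct->upgraded_password - 1] = '\0';
    acct->password_set = true;
}

/* Vulnerable flow: calls the verifier but ignores its return value and error code,
 * then upgrades unconditionally. Returns true if the login is accepted. */
bool login_unchecked(struct account *acct, const char *password)
{
    int err = ERR_NONE;
    (void)verify_crypt_password_sim(acct, password, &err);  /* result discarded */
    upgrade_password_sim(acct, password);
    return true;
}

/* Hardened flow: upgrade only when the verifier returned 0 AND err is ERR_NONE.
 * Any failure (including a disabled account) fails closed with no upgrade. */
bool login_checked(struct account *acct, const char *password)
{
    int err = ERR_NONE;
    if (verify_crypt_password_sim(acct, password, &err) != 0 || err != ERR_NONE)
        return false;
    upgrade_password_sim(acct, password);
    return true;
}

int main(void)
{
    /* Constructed input: a disabled account with no shadowhash, tried with an empty password. */
    struct account a = { "root", NULL, "", false };
    printf("unchecked flow, empty password: %s\n",
           login_unchecked(&a, "") ? "ACCEPTED (password saved)" : "rejected");

    struct account b = { "root", NULL, "", false };
    printf("checked flow, empty password:   %s\n",
           login_checked(&b, "") ? "ACCEPTED" : "rejected (no upgrade)");
    return 0;
}
```

The point of the two functions side by side is that the verifier already does the right thing; the only difference between the accepted and rejected outcomes is whether the caller looks at what it returned.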