sysadminctl -secureTokenStatus allows null password
Originator: | broccardo | ||
Number: | rdar://36163828 | Date Originated: | 12/20/2017 |
Status: | Closed as Dupe | Resolved: | |
Product: | Mac | Product Version: | 10.13.2/10.13.3b2 |
Classification: | Bug | Reproducible: | Always |
Summary: sysadminctl allows passing null/garbage entry for admin password when using sysadminctl -secureToken Status Steps to Reproduce: 1. On a Mac running 10.13.2 or 10.13.3b2 launch Terminal.app 2. Get elevated privileges with sudo -s 3. Enter the following command: sysadminctl -adminUser [admin] -adminPassword [value that is not admin's password] -secureTokenStatus [username for user being checked] Expected Results: Would expect that system would reject command outright because the admin's password is incorrect. Actual Results: The system returns an error, but then still processes the command and returns a result. e.g. bash-3.2# sysadminctl -adminUser admin -adminPassword null -secureTokenStatus otheruser 2017-12-20 15:12:22.163 sysadminctl[505:3977] ### Error:-14090 File:/BuildRoot/Library/Caches/com.apple.xbs/Sources/Admin/Admin-674/DSAuthenticator.m Line:94 2017-12-20 15:12:22.214 sysadminctl[505:3977] Secure token is ENABLED for user otheruser Please note that other sysadminctl commands such as sysadminctl -secureTokenOff properly fail with incorrect admin user password. Version/Build: 10.13.2 (17C88) 10.13.3 Beta 2 (17D25b)
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Closed as duplicate of 35079899