{"id":256,"date":"2017-11-30T19:12:39","date_gmt":"2017-11-30T18:12:39","guid":{"rendered":"http:\/\/kcr-meppel.com\/?p=256"},"modified":"2017-11-30T19:13:57","modified_gmt":"2017-11-30T18:13:57","slug":"beveiligingslek-mac-os","status":"publish","type":"post","link":"https:\/\/kcr-meppel.com\/index.php\/2017\/11\/30\/beveiligingslek-mac-os\/","title":{"rendered":"Security flaw in macOS"},"content":{"rendered":"<header id=\"articleHead\">\n<div id=\"articleTitleContainer\">\n<h2 class=\"articleTitle\">Serious security flaw in macOS High Sierra<\/h2>\n<\/div>\n<p class=\"articleData\"><span class=\"author\">By:\u00a0<a href=\"https:\/\/computertotaal.nl\/artikelen\/apple\/ernstig-beveiligingslek-in-macos-high-sierra-2#showAuthor\">Lub Snoek<\/a>\u00a0<\/span><a class=\"author-googleplus globalsprite\" title=\"Go to the Google Plus profile of Lub Snoek\" href=\"https:\/\/plus.google.com\/u\/0\/114480731562208871927\/posts?rel=author\" target=\"_blank\" rel=\"me noopener\">Lub Snoek<\/a>\u00a0<span class=\"separator\">|<\/span>\u00a0<span class=\"date\"><span class=\"full\">29 November 2017 10:52<\/span><\/span><\/p>\n<section id=\"articleMainImage\" class=\"article-media\">\n<div class=\"article-media-container\">\n<div id=\"photoswipe-410751\" class=\"photoswipe\">\n<figure class=\"resized-image\"><img decoding=\"async\" class=\"resized-image__img\" src=\"https:\/\/cdn.reshift.nl\/media\/media\/thumbnails\/640x360\/20170925161635504375226847468\/macos-high-sierra_aITpUdI.png\" \/><\/figure>\n<\/div>\n<\/div>\n<div class=\"article-type bounce-if\">APPLE<\/div>\n<\/section>\n<\/header>\n<section id=\"articleContent\" class=\"articledetail-content\">\n<div id=\"articleIntro\">\n<p>In macOS High Sierra (version 10.13.1) it is possible to gain access to the entire system without entering a password. 
Apple is currently working on an update to close this security flaw.<\/p>\n<\/div>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>The flaw makes it possible, from a logged-in account, to log in as the so-called &#8216;root user&#8217; without a password. This user account, named &#8216;root&#8217;, is a superuser with read and write privileges for a larger part of the system than an ordinary user. By logging in as the root user you can, for example, change the passwords of multiple user accounts.<\/p>\n<\/div>\n<h2 class=\"rs-snippet rs-snippet__header\">Twitter<\/h2>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>The security flaw was shared on Twitter by the user Lemi Orhan Ergin. He discovered that it was possible to log in as the root user without providing a password.<\/p>\n<\/div>\n<div id=\"tweet-935578694541770752\" class=\"rs-snippet rs-snippet__twitter\">\n<div class=\"SandboxRoot env-bp-350\" data-twitter-event-id=\"0\">\n<div id=\"twitter-widget-0\" class=\"EmbeddedTweet EmbeddedTweet--edge js-clickToOpenTarget tweet-InformationCircle-widgetParent\" lang=\"en\" data-click-to-open-target=\"https:\/\/twitter.com\/lemiorhan\/status\/935578694541770752\" data-iframe-title=\"Twitter Tweet\" data-dt-full=\"%{hours12}:%{minutes} %{amPm} - %{day} %{month} %{year}\" data-dt-explicit-timestamp=\"7:38 PM - Nov 28, 2017\" data-dt-months=\"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec\" data-dt-am=\"AM\" data-dt-pm=\"PM\" data-dt-now=\"now\" data-dt-s=\"s\" data-dt-m=\"m\" data-dt-h=\"h\" data-dt-second=\"second\" data-dt-seconds=\"seconds\" data-dt-minute=\"minute\" data-dt-minutes=\"minutes\" data-dt-hour=\"hour\" data-dt-hours=\"hours\" data-dt-abbr=\"%{number}%{symbol}\" data-dt-short=\"%{day} %{month}\" data-dt-long=\"%{day} %{month} %{year}\" data-scribe=\"page:tweet\" data-twitter-event-id=\"1\">\n<div 
class=\"EmbeddedTweet-tweet\">\n<blockquote class=\"Tweet h-entry js-tweetIdInfo subject expanded is-deciderHtmlWhitespace\" cite=\"https:\/\/twitter.com\/lemiorhan\/status\/935578694541770752\" data-tweet-id=\"935578694541770752\" data-scribe=\"section:subject\">\n<div class=\"Tweet-header u-cf\">\n<div class=\"Tweet-brand u-floatRight\">\n<div class=\"Icon Icon--twitter \" title=\"View on Twitter\" role=\"presentation\" aria-label=\"View on Twitter\"><\/div>\n<\/div>\n<div class=\"TweetAuthor js-inViewportScribingTarget js-aBScribingTarget\" data-scribe=\"component:author\"><a class=\"TweetAuthor-link Identity u-linkBlend\" href=\"https:\/\/twitter.com\/lemiorhan\" data-scribe=\"element:user_link\" aria-label=\"Lemi Orhan Ergin (screen name: lemiorhan)\"><span class=\"TweetAuthor-avatar Identity-avatar\"><img decoding=\"async\" class=\"Avatar Avatar--edge\" src=\"https:\/\/pbs.twimg.com\/profile_images\/804424648586838016\/CzQcq6d7_bigger.jpg\" alt=\"\" data-scribe=\"element:avatar\" data-src-2x=\"https:\/\/pbs.twimg.com\/profile_images\/804424648586838016\/CzQcq6d7_bigger.jpg\" data-src-1x=\"https:\/\/pbs.twimg.com\/profile_images\/804424648586838016\/CzQcq6d7_normal.jpg\" \/><\/span><span class=\"TweetAuthor-decoratedName\"><span class=\"TweetAuthor-name TweetAuthor-name--flex Identity-name customisable-highlight\" title=\"Lemi Orhan Ergin\" data-scribe=\"element:name\">Lemi Orhan Ergin<\/span><\/span><span class=\"TweetAuthor-screenName Identity-screenName\" dir=\"ltr\" title=\"@lemiorhan\" data-scribe=\"element:screen_name\">@lemiorhan<\/span><\/a><\/div>\n<\/div>\n<div class=\"Tweet-body e-entry-content\" data-scribe=\"component:tweet\">\n<div class=\"u-hiddenVisually js-inViewportScribingTarget\"><\/div>\n<p class=\"Tweet-text e-entry-title\" dir=\"ltr\" lang=\"en\">Dear\u00a0<a class=\"PrettyLink profile customisable h-card\" dir=\"ltr\" href=\"https:\/\/twitter.com\/AppleSupport\" data-mentioned-user-id=\"3309375033\" data-scribe=\"element:mention\"><span 
class=\"PrettyLink-prefix\">@<\/span><span class=\"PrettyLink-value\">AppleSupport<\/span><\/a>, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as &#8220;root&#8221; with empty password after clicking on login button several times. Are you aware of it\u00a0<a class=\"PrettyLink profile customisable h-card\" dir=\"ltr\" href=\"https:\/\/twitter.com\/Apple\" data-mentioned-user-id=\"380749300\" data-scribe=\"element:mention\"><span class=\"PrettyLink-prefix\">@<\/span><span class=\"PrettyLink-value\">Apple<\/span><\/a>?<\/p>\n<div class=\"Tweet-metadata dateline\"><a class=\"u-linkBlend u-url customisable-highlight long-permalink\" href=\"https:\/\/twitter.com\/lemiorhan\/status\/935578694541770752\" data-datetime=\"2017-11-28T18:38:37+0000\" data-scribe=\"element:full_timestamp\"><time class=\"dt-updated\" title=\"Time posted: November 28, 2017 18:38:37 (UTC)\" datetime=\"2017-11-28T18:38:37+0000\">7:38 PM &#8211; Nov 28, 2017<\/time><\/a><\/div>\n<div class=\"u-hiddenVisually js-aBScribingTarget\"><\/div>\n<\/div>\n<\/blockquote>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>When you want to change settings in macOS, you have to authenticate by clicking the padlock and then entering your password. Under\u00a0<b>Settings &#8211; Users and Groups<\/b>\u00a0in macOS High Sierra it is possible to log in as the root user by entering &#8216;root&#8217; as the user name and simply pressing\u00a0<b>Enter\u00a0<\/b>a few times. 
It does not work if you click\u00a0<b>Unlock<\/b>\u00a0with the mouse.<\/p>\n<\/div>\n<h2 class=\"rs-snippet rs-snippet__header\">Forum<\/h2>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>The security flaw had already been mentioned earlier in\u00a0<a href=\"https:\/\/forums.developer.apple.com\/thread\/79235\">the forum<\/a>\u00a0on the Apple developer site. There it was mentioned on 13 November as a simple way to create a new administrator on macOS.<\/p>\n<\/div>\n<div class=\"rs-snippet rs-snippet__image\">\n<div id=\"photoswipe-414001\" class=\"photoswipe\">\n<figure class=\"resized-image\"><img decoding=\"async\" class=\"resized-image__img\" src=\"https:\/\/cdn.reshift.nl\/media\/media\/thumbnails\/640\/20171129104712658057827063381\/forum-apple.png\" \/><\/figure>\n<\/div>\n<\/div>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>Understandably, forum members reacted with shock, since it is not exactly a reassuring thought that someone can log in as the root user without a password.<\/p>\n<\/div>\n<h2 class=\"rs-snippet rs-snippet__header\">Solution<\/h2>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>Apple is currently working on an update to fix the problem. Until then, the vulnerability can be neutralized by manually enabling the root user in macOS. How to do that is explained\u00a0<a href=\"https:\/\/support.apple.com\/nl-nl\/HT204012\">here<\/a>. Once the root user has been given a password, it is no longer possible to log in with an empty password field.<\/p>\n<\/div>\n<h2 class=\"rs-snippet rs-snippet__header\">Response<\/h2>\n<div class=\"rs-snippet rs-snippet__paragraph rs-snippet__paragraph--default\">\n<p>Apple has since responded to the reporting about the security flaw. 
The advice is virtually identical to the solution we described earlier in this article:<\/p>\n<p>\u201cWe are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the \u2018Change the root password\u2019 section.\u201d<\/p>\n<p>Nothing was said about the update that will close the security flaw. It is therefore still unclear when we can expect it.<\/p>\n<\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Serious security flaw in macOS High Sierra By:\u00a0Lub Snoek\u00a0Lub Snoek\u00a0|\u00a029 November 2017 10:52 APPLE In macOS High Sierra (version 10.13.1) it is possible to gain access to the entire system without entering a password. Apple is currently working on an update to close this security flaw. The flaw makes it possible to&hellip; <br \/> <a class=\"button small blue\" href=\"https:\/\/kcr-meppel.com\/index.php\/2017\/11\/30\/beveiligingslek-mac-os\/\">Read 
more<\/a><\/p>\n","protected":false},"author":1,"featured_media":176,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nieuws"],"_links":{"self":[{"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/posts\/256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/comments?post=256"}],"version-history":[{"count":2,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/posts\/256\/revisions"}],"predecessor-version":[{"id":258,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/posts\/256\/revisions\/258"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/media\/176"}],"wp:attachment":[{"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/media?parent=256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/categories?post=256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kcr-meppel.com\/index.php\/wp-json\/wp\/v2\/tags?post=256"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}