• info
• discussion
• exploit
• solution
• references

NeXTstep "me" account Vulnerability

Username "me" is a member of the "wheel" group
in all NeXTstep versions through and including 2.1.

Having username "me" in the "wheel" group enables
"me" to use the su(8) command to become root (the user
must still know the root password, however).

Notice that the username "me" is created at installation time
with no password by default.