Is physical access required or can Remote Access also exploit this vulnerability?
Basically the problem is that before you "enable the root user", he's already there and enabled because he
has to be, but can't authenticate by default if his password is blank.
except for this one place that someone forgot to lock down in HS.
It does lead me to wonder though, surely they will find the person ultimately responsible for this, I wonder what will happen to them? What is the penalty for a major embarrassment?