Sudo is a very popular, very simple Unix-system sysadmin application. It enables users to switch identities for the purpose of running a single command. Usually, but not always, it lets you run a command as the root, system administrator, user. Sudo’s easy to abuse, but it’s so darn useful, until it’s not. A recently discovered sudo bug once more spells out why you should be wary of this command.
In this latest security hole, CVE-2019-18634, Apple Information Security researcher Joe Vennix discovered that if the “pwfeedback” option is enabled in your sudoers configuration file, any user, even one who can’t run sudo or is listed in the sudoers file, can crack a system.