Re: Looks Like Violation of the KISS Principle
If the user does not exist, fail the login and that is it
You seem slightly slow of comprehension so I'll use small words:
A root user is created on every install but is marked as disabled and has no password. This has been the case for (pretty much) every version of OS X.
This bug comes about because of a logic flaw that makes the root account active, even if it doesn't have a password. This is unacceptable. But it sure as hell ain't "CREATING" a new user..