Just two keys…

Password Hacking and Counter Measures…
Vulnerability - Using the Reset Password Utility

  • Restart the Mac and hold down the Option key, then when prompted select the Recovery volume.
  • Open the Terminal and at the prompt enter the command resetpassword
  • When the utility opens select the normal startup volume, then the account that needs a password reset.
  • Follow the prompts to reset the password, then restart the Mac normally and log on using the account and password that has just been reset.

Mitigation - Ensure FileVault is turned on



Vulnerability - Using the root account

  • Restart the Mac while holding down both the Command and S keys; this will boot the OS to single-user mode with a command prompt.
  • At the command prompt enter the command mount -uw /
  • Next enter launchctl load /System/Library/LaunchDaemons/com.apple.opendirectory.plist
  • Now enter passwd username (where username is the account that needs a password reset).
  • Finally enter reboot
  • When the Mac restarts, log on using the account and password that has just been reset.

Mitigation - Ensure a Firmware password has been set.
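
Both mitigations above can be checked from a shell. This audit script is an added example, not part of the original page; the function names are hypothetical, and it assumes an Intel Mac where the firmwarepasswd tool is available and the script is run as root.

```shell
#!/bin/sh
# Audit the two mitigations named on this page: FileVault and the firmware password.
# Parsing is kept in functions that take the tool output as text, so the logic
# can be exercised with the constructed sample output below on any system.

# Classify the output of `fdesetup status`: prints on, off or unknown.
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Classify the output of `firmwarepasswd -check`: prints on, off or unknown.
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo on ;;
        *"Password Enabled: No"*)  echo off ;;
        *)                         echo unknown ;;
    esac
}

# audit_report FDESETUP_OUTPUT FIRMWAREPASSWD_OUTPUT
# Prints one line per mitigation; returns 0 only when both are confirmed on.
# "unknown" (tool missing, not root, unexpected text) is treated as a failure.
audit_report() {
    fv=$(filevault_state "$1")
    fw=$(firmware_state "$2")
    rc=0
    [ "$fv" = on ] || rc=1
    [ "$fw" = on ] || rc=1
    echo "FileVault (Reset Password utility mitigation): $fv"
    echo "Firmware password (single-user mode mitigation): $fw"
    return $rc
}

if command -v fdesetup >/dev/null 2>&1; then
    # Live check on macOS; firmwarepasswd -check needs root.
    audit_report "$(fdesetup status 2>&1)" "$(firmwarepasswd -check 2>&1)" \
        || echo "ACTION NEEDED: at least one mitigation is not confirmed"
else
    # Constructed sample output, used when the macOS tools are not present.
    audit_report "FileVault is On." "Password Enabled: No" \
        || echo "ACTION NEEDED: at least one mitigation is not confirmed"
fi
```
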