A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.
Cannot say if a similar approach could be used to compromise a grub4dos (at least in some versions), and of course, with all due respect for the good guys that discovered the vulnerability, I don' t think that anyone ever considered the password mechanism to be "fail proof" and actually uses it as a security measure.