Jump to content

- - - - -

Password vulnerability in GRUB2

  • Please log in to reply
No replies to this topic

#1 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15339 posts
  • Location:The Outside of the Asylum (gate is closed)

Posted 16 December 2015 - 01:33 PM




A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.



Cannot say if a similar approach could be used to compromise a grub4dos (at least in some versions), and of course, with all due respect for the good guys that discovered the vulnerability, I don' t think that anyone ever considered the password mechanism to be "fail proof" and actually uses it as a security measure. :dubbio:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users