Password Authentication Bypass in GNU GRUB 2 by Free Software Foundation
CVE-2009-4128

Currently unrated

Key Information:

Vendor
Gnu
Status
Grub 2
Vendor
CVE Published:
1 December 2009

Summary

The GNU GRand Unified Bootloader (GRUB) 2 version 1.97 has a vulnerability that allows attackers with physical access to bypass authentication mechanisms. By comparing only a submitted portion of a password with the actual password, attackers can exploit this weakness through simple brute force attempts. This enables unauthorized access to the system by submitting a password whose length is just one character, potentially compromising system integrity.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195
http://www.securityfocus.com/bid/36968
vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/54210
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.