Password Authentication Bypass in GNU GRUB 2 by Free Software Foundation
CVE-2009-4128

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
1 December 2009

Summary

The GNU GRand Unified Bootloader (GRUB) 2 version 1.97 has a vulnerability that allows attackers with physical access to bypass authentication mechanisms. By comparing only a submitted portion of a password with the actual password, attackers can exploit this weakness through simple brute force attempts. This enables unauthorized access to the system by submitting a password whose length is just one character, potentially compromising system integrity.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.