Grub2 versions 1.98 through 2.02 suffer from an authentication bypass vulnerability.
83bd7487636061aa2b0800d6365ebfbe91d7c0307ab06febcf641741b08068f4Hi everyone,
A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be
exploited under certain circumstances, allowing local attackers to bypass any
kind of authentication (plain or hashed passwords). And so, the attacker may
take control of the computer.
More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Regards,
Hector Marco & Ismael Ripoll.
--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)