19 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-4001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the passwo...
Linux Distros Unpatched Vulnerability : CVE-2014-0246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...
Ensure That the Password Protection Is Configured for GRUB
GRUB is the default bootloader of Linux. The bootloader can set the startup mode of the system. By setting the GRUB password, you can prevent attackers from modifying the GRUB setting to enter the single-user mode. If the GRUB password is not set, attackers can easily access the GRUB editing menu...
Grub2: bypass the grub password protection feature
...
Updated grub2 packages fix security vulnerabilities
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...
Medium: grub2
Issue Overview: The "/boot/efi/EFI/fedora/grub.cfg" configuration file allows an unprivileged user with physical access to a computer to bypass the GRUB password protection feature on many but not all UEFI-based systems. CVE-2023-4001 Affected Packages: grub2 Issue Correction: Run dnf update grub...
Medium: grub2
Issue Overview: The "/boot/efi/EFI/fedora/grub.cfg" configuration file allows an unprivileged user with physical access to a computer to bypass the GRUB password protection feature on many but not all UEFI-based systems. CVE-2023-4001 Affected Packages: grub2 Issue Correction: Run dnf update grub...
grub2: bypass the GRUB password protection feature
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
CVE-2023-4001 Grub2: bypass the grub password protection feature
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
SUSE CVE-2009-3525
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...
PT-2022-23603 · Unknown · Fedora Core
Name of the Vulnerable Software and Affected Versions: Fedora CoreOS affected versions not specified Description: The issue is related to a misconfiguration in recent Fedora CoreOS releases that allows booting non-default OSTree deployments without entering a password, even when a GRUB bootloader...
Gather GRUB Password
This module gathers GRUB passwords from GRUB bootloader config files. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather GRUB Password', 'Description' = %q This module gathers GRUB password...
JShielder - Automates The Process Of Installing All The Necessary Packages To Host A Web Application And Hardening A Linux Server
JShielder is an Open Source tool developed to help SysAdmin and developers secure their Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server wi...
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity Vulnerability
The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected. Title: Barracuda WAF Grub Password Complexity 1. Vulnerability Details Affected Vendor: Barracuda Affected Product...
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
KL-001-2017-012 : Barracuda WAF Grub Password Complexity Title: Barracuda WAF Grub Password Complexity Advisory ID: KL-001-2017-012 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt 1. Vulnerability Details Affected Vendor: Barracuda...
UBUNTU-CVE-2015-8370
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2)...
PT-2015-2904 · Gnu +4 · Grub2 +4
Name of the Vulnerable Software and Affected Versions: Grub2 versions 1.98 through 2.02 Description: The issue is caused by multiple integer underflows that allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption)...
UBUNTU-CVE-2014-0246
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...