|
Password hole in GRUB boot loader closed |
|
|
|
Source: H Security - Posted by Anthony Pell
|
The new version of the GNU GRUB boot loader, 1.97.1, closes a security hole in the previous version, 1.97, which allowed passwords be easily circumvented. The password protection is available in GRUB to prevent unauthorised modification of the boot parameters. A programming error in the feature lead to passwords being accepted as valid even if only the first character of the entered password was correct.
GRUB 1.97, also known as GRUB 2, has support for simple user authentication in its new config file format. The passwords do, though, need to be stored as readable clear text. Various Linux distributions are now being shipped with GRUB 2, including Debian "sid", the soon to be released Fedora 12 and the recently released Ubuntu 9.10.All of Article
Read this full article at H Security
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
