| Vulnerability Name: | CVE-2009-4128 (CCN-54210) | ||||||||
| Assigned: | 2009-11-08 | ||||||||
| Published: | 2009-11-08 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | ||||||||
| CVSS v3 Severity: | 8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 6.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
5.4 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: Debian Bug report logs - #555195 grub2: password checking oddity Source: CONFIRM Type: Exploit http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195 Source: MITRE Type: CNA CVE-2009-4128 Source: CCN Type: GNU GRUB 2 Web site GRUB 2 Source: CCN Type: OSVDB ID: 60655 GNU GRUB Password Comparision Weakness Authentication Bypass Source: BID Type: Patch 36968 Source: CCN Type: BID-36968 GNU GRUB Local Authentication Bypass Vulnerability Source: CCN Type: USN-868-1 GRUB 2 vulnerability Source: XF Type: UNKNOWN gnugrub2-password-auth-bypass(54210) Source: XF Type: UNKNOWN gnugrub2-password-auth-bypass(54210) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||