One of the operating system kernel that has to be considered to be secure to some extent is #Linux till date and now a serious flaw has been found in its operation.
Security researcher found that the Linux login screen can be bypassed with just #28 Key Strokes and they too are the same key "#BackSpace". Yup by pressing Backspace key for 28 times will allow you to bypass the login screen.
This is not at a kernel fault and this happens in #Grub Loader (Grand Unified Bootloader) popularly used by Linux versions. It was due to the underflow that resides in #grub_password_get() function.
It resides in Grub2 version 1.98 and it has been reported to them and once the login screen appears if the attacker follow this he /she will be entered into Grub Rescue shell with which all the files can be accessed.
The vulnerability has been patched by the vendor and the distros based on Debain Ubunutu and RedHat are yet to patch it. You can find the patch here.
User who are running Linux are advised to patch it immediately if you are concerned about your data.
P.S : The post is to create awareness and not to be misused.
Is this on the login screen for the UI??
ReplyDeleteYes bro Grub Login page dont try on terminal login.. :)
Delete