Remember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times.
Yeah that is not really an “OMG” vulnerability as I can also get into that machine by booting it with a USB drive, or plugging it’s drove into my own machine.
Better replace your keyboard everytime you leave it unattended, someone could put a keylogger in it. Don’t forget to check for hidden pinhole cameras around that capture you inputting your passwords. Etc, etc. Those even work against an encrypted drive…
Remember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times.
https://www.hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
That’s hyperbole. Such a system can be “hacked” by simply plugging in a usb-stick and booting from that instead, or dozens of other ways.
The only reason to use GRUB authentication I can think of would be in something like a kiosk.
Yeah that is not really an “OMG” vulnerability as I can also get into that machine by booting it with a USB drive, or plugging it’s drove into my own machine.
Does anyone here use GRUB authentication? If so why? What’s your threat model?
If the adversary has physical access you are generally pwned either way
Breh. What? I feel naked right now.
Better replace your keyboard everytime you leave it unattended, someone could put a keylogger in it. Don’t forget to check for hidden pinhole cameras around that capture you inputting your passwords. Etc, etc. Those even work against an encrypted drive…