Remember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times.
Yeah that is not really an “OMG” vulnerability as I can also get into that machine by booting it with a USB drive, or plugging it’s drove into my own machine.
Remember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times.
https://www.hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Yeah that is not really an “OMG” vulnerability as I can also get into that machine by booting it with a USB drive, or plugging it’s drove into my own machine.
That’s hyperbole. Such a system can be “hacked” by simply plugging in a usb-stick and booting from that instead, or dozens of other ways.
The only reason to use GRUB authentication I can think of would be in something like a kiosk.
Does anyone here use GRUB authentication? If so why? What’s your threat model?
If the adversary has physical access you are generally pwned either way
Breh. What? I feel naked right now.