CVE-2009-4128

Published: 01/12/2009 Updated: 16/01/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
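The comparison flaw described in the summary, next to a full-length check, as an added example (this is not GRUB's source code; the function names, `PW_MAX` and the sample password are assumptions made for illustration):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 64  /* assumed fixed buffer size for this example */

/* Flawed pattern: only the submitted bytes are compared, so any prefix
 * of the stored password (even a single character) is accepted. */
int check_prefix_only(const char *stored, const char *submitted)
{
    return strncmp(stored, submitted, strlen(submitted)) == 0;
}

/* Hardened form: both values are copied into zero-padded fixed-size
 * buffers and every byte is compared with no early exit, so a shorter
 * input can never match and timing does not reveal the mismatch position. */
int check_full(const char *stored, const char *submitted)
{
    unsigned char a[PW_MAX] = {0}, b[PW_MAX] = {0};
    size_t la = strlen(stored), lb = strlen(submitted), i;
    unsigned char diff = 0;

    if (la >= PW_MAX || lb >= PW_MAX)
        return 0;                 /* reject over-long input outright */
    memcpy(a, stored, la);
    memcpy(b, submitted, lb);
    for (i = 0; i < PW_MAX; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void)
{
    const char *stored = "s3cret-boot";   /* constructed sample value */

    printf("prefix-only, input \"s\": %d\n", check_prefix_only(stored, "s"));
    printf("full check,  input \"s\": %d\n", check_full(stored, "s"));
    printf("full check,  exact match: %d\n", check_full(stored, stored));
    return 0;
}
```

With the prefix-only check the search space collapses to the set of possible first characters, which is why the summary rates brute force as practical.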

Vulnerable Product

gnu grub 2 1.97

Vendor Advisories

It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password ...

Mailing Lists

References:
dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
access.redhat.com/security/cve/cve-2023-4001

Plain-text details taken from the first reference:

Now, there is one more: CVE-2023-4001 <screenshot> A configuration file found in the EFI System Partition ...