Vulnerability of Linux Related To Its Password Protection
by Brian on December 22, 2015
You might want to rethink about keeping your important files in a Linux based computer because Linux has been found being exposed badly to even pettiest hacking attempts. According to a report, about a research by security experts, in PC world, hitting the backspace key 28 times can bypass password protected lock screen in Linux.
It is worth repeating that any layman can now access highly complex Linux servers without even entering the password. This vulnerability of Linux was discovered by a researchers’ team from Cybersecurity Group. According to them, pressing backspace 28 times makes use of Grub2 bootloader, instantly authorizing user to log in.
This process is basically caused by initiation of Grub rescue shell. This initiation prompts the user to bypass log on screen without typing the password in. GRUB’s main task is to allow the creation of multiple usernames on a computer.
With this news about simple hacks, companies with entire networks being set up on Linux based systems should have something big to worry about. All an employee will need to do is to hit backspace 28 times and he/she will get complete and unrestricted access to a hard drive which was supposed to be secured.
There are very alarming security concerns with this weakness of Linux because it can lead to the computer’s security badly exposed to a very small hack. Any cybercriminal with access to sensitive information can do serious damage to an organization’s integrity and even the financial assets. Moreover, this vulnerability has also increased the chances of manual malwares attacks.
This security leak, which is also known as CVE-2015-8370, is present in all Grub2 versions from 1.98 to 2.02. Since many of the top organizations around the globe have their servers based on Linux based platforms, this issue is being seen as a major blow to the overall cyber security. However, different Linux based operating systems namely Debian, Ubuntu, red hat and several others have released updates that fix this issue. Therefore, it is highly recommended for the Linux users to allow installation of updates that target Grub2 fix.