Major Flaw in GRUB 2.0 Addressed

GRUB 2.0, GRUB version 1.97 had a major security issue which allowed users to login by entering only a few characters of the password correctly. Only the sequence of characters had to be correct and for that matter, even one of the characters entered as password worked.

A recent bug-report from says:

GRUB accepts user input as valid password as long as user enters some first
characters of password correctly.

I.e. if /boot/grub/grub.cfg reads:

set superusers=”user1″
password user1 password1

Then user can enter “p”, “pa”, “pas” etc, and GRUB will ‘eat it’ as correct

Given this, the GRUB team addressed the flaw with the release of GRUB 1.97.1 which has a fix to the problem. Apart from this, the new version of GRUB also addresses a build problem with the Mac OS X kernel, support for which was added only in the latest GRUB 2.0.

Given the hype GRUB 2.0 had created with its rewritten code, object-oriented model and support for multiple kernels, security issues like these, makes it look like a hoopla to the Linux beginners. We should know, Linux beginners are simply more interested in no-one entering their computer by typing just anything at the password prompt, than all the developments of extended file system support and kernel support.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at You can connect with him on Twitter @ckandroid.