1

Ubuntu disables password based root login by default. That seems like it results in being able to boot into recovery and drop into a root shell without needing to provide a password, from where you can then give yourself access to the system.

Am I missing something or is that a vulnerability in the default install that allows you to bypass needing an account password?

db579
  • 454

1 Answers1

0

Yes, someone with physical access to your device would be able to do whatever they like with it unless you are using full disk encryption. This is true for any unencrypted device.

Even with full disk encryption, someone with physical access could manipulate boot instructions or wipe the hard drive.

Nmath
  • 12,664