The following site brought a question to mind. Go there and read the article.
They basically say that it's possible to bypass my cryptsetup password on my Ubuntu version by holding down the Enter key for 70 seconds.

If this were true, it would cause me some concern. I believed that the Linux OS has a good deal of security.

This vulnerability allows one to obtain a root initramfs shell on affected systems

Has anyone ever heard of this?

And, if yes - I know that it's from November 2016.

These researchers are offering a "fix". What do you think?

Thomas Ward

1 Answer

This issue, CVE-2016-4484, was reported a while back; it allowed any Debian- or Red Hat-based distro to be hacked just by pressing the Enter key for 60-70 secs.

The issue is similar to many other ways you can gain access to a login shell during the boot process, which is why they marked it low priority here: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1660701

I think the vulnerability is patched, as the hacker gave a detailed description of his work and where exactly the vulnerability is, so you don't have to worry. I think they released a patch, but I'm not sure as I don't quite remember. As far as the issue is concerned, it's way below critical to start panicking about, as there are more similar bugs out there.