CVE-2009-4128

EPSS 0.04%

Published: 12/1/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-4128

Description

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

Affected packages (1)

Debian/grub2from 0, < 1.97+20091115-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-4128