Article 21PQJ The "cryptsetup initrd root shell" vulnerability

The "cryptsetup initrd root shell" vulnerability

by
corbet
from LWN.net on (#21PQJ)
Hector Marco and Ismael Ripoll reporta discouraging vulnerability in many encrypted disk setups: simply runningup too many password failures will eventually result in a root shell."This vulnerability allows to obtain a root initramfs shell onaffected systems. The vulnerability is very reliable because it doesn'tdepend on specific systems or configurations. Attackers can copy, modify ordestroy the hard disc as well as set up the network to exfiltratedata. This vulnerability is specially serious in environments likelibraries, ATMs, airport machines, labs, etc, where the whole boot processis protect (password in BIOS and GRUB) and we only have a keyboard or/and amouse."
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments