CVE-2009-4128

CVSS 7.2 - HIGH

Description

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

Affected Products

1

Vendor	Product	Version
gnu	grub_2	`1.97`

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...

http://www.openwall.com/lists/oss-security/2024/01...

http://www.securityfocus.com/bid/36968

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...

http://www.openwall.com/lists/oss-security/2024/01...

http://www.securityfocus.com/bid/36968

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

CWE-287

CVE Information

CVE ID:: CVE-2009-4128
Published:: 2009-12-01
Modified:: 2026-04-23
CVSS Score:: 7.2
Severity:: HIGH
Vector:: AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected Vendors

gnu

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL