World-readable permissions for grub.cfg in Debian GNU GRUB Patch Allow Local Users to Obtain Password Hashes

World-readable permissions for grub.cfg in Debian GNU GRUB Patch Allow Local Users to Obtain Password Hashes

CVE-2013-4577 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.

Learn more about our Cis Benchmark Audit For Debian Linux.