World-readable permissions for grub.cfg in Debian GNU GRUB Patch Allow Local Users to Obtain Password Hashes
CVE-2013-4577 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
Learn more about our Cis Benchmark Audit For Debian Linux.