You’re using Linux Disk Encryption? Can be bypassed by pressing ‘ENTER’ for 70 seconds!
A really dumb bug, but with a really simple fix!
A vulnerability in Cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems.
The security issue was discovered by the security researcher Hector Marco and relies to a vulnerability (CVE-2016–4484) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS, the standard implementation of disk encryption on a Linux-based operating system).
The Cryptsetup utility has a strange way to handle password failures for the decryption process when a system boots up, permitting a user retry the password multiple times.
When a user reach 93 password attempts, it is dropped to a shell that has root privileges.
In other words, if you enter a blank password 93 times — or simply hold down the ‘Enter’ key for roughly 70 seconds — you will gain access to a root initramfs shell.
I can fix it?
If your distribution is vulnerable and a patch is not yet available, the vulnerability can be fixed by modifying grub configuration, adding the “panic” parameter to the kernel in order to prevent a shell:
# sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
More technical information on Hector Marco’s website