A security vulnerability discovered in numerous Linux distros potentially puts millions of users at risk. CVE-2016-4484 (Cryptsetup Initrd root Shell) affects the Cryptsetup script that is used to unlock partitions encrypted with LUKS (Linux Unified Key Setup). The flaw means that it is possible for a hacker to access, change or delete data on the hard drive, and it is not even necessary to have physical access to exploit the vulnerability in every circumstance. But the worrying thing is just how easy the problem is to exploit. The problem lies in the way password checking is handled by /scripts/local-top/cryptroot. By… [Continue Reading]