1

Ubuntu disables password-based root login by default. That seems like it results in being able to boot into recovery and drop into a root shell without needing to provide a password, from where you can then give yourself access to the system.

Am I missing something or is that a vulnerability in the default install that allows you to bypass needing an account password?

db579
  • 454
  • Your question is not clear. But, as long as the boot disk containing the /etc/passwd file is not encrypted and you have physical access to the system or boot disk, you can always give yourself "root" access. – FedKad Jul 21 '21 at 08:34
  • And also: https://askubuntu.com/questions/842070/how-is-being-able-to-break-into-any-linux-machine-through-grub2-secure – muru Jul 21 '21 at 08:34
  • If they have physical access, there are LOTS of ways to bypass login. Example: Plugging in a LiveUSB. – user535733 Jul 21 '21 at 12:58

1 Answer

0

Yes, someone with physical access to your device would be able to do whatever they like with it unless you are using full disk encryption. This is true for any unencrypted device.

Even with full disk encryption, someone with physical access could manipulate boot instructions or wipe the hard drive.

Nmath
  • 12,333
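
A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original posts: it reads a shadow file, a grub.cfg and a crypttab and reports which of the cases above applies. The function names, verdict words and the `--live` switch are assumptions made for this example, and the GRUB password check relates to the question linked in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are parameters so the checks can
# run against constructed sample files as well as the real ones.

# Print root's password state from a shadow-format file:
# locked ('!' or '*' prefix, the Ubuntu default), empty, set, or missing.
root_password_state() {
    grep -q '^root:' "$1" 2>/dev/null || { echo missing; return 0; }
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    case "$field" in
        '!'*|'*'*) echo locked ;;
        '')        echo empty ;;
        *)         echo set ;;
    esac
}

# Succeed when grub.cfg names a superuser and defines a password for GRUB.
grub_password_set() {
    [ -r "$1" ] &&
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" &&
    grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"
}

# Succeed when crypttab holds at least one mapping (non-comment, non-blank line).
disk_encryption_configured() {
    [ -r "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# assess SHADOW GRUB_CFG CRYPTTAB -> one verdict word
assess() {
    if disk_encryption_configured "$3"; then
        # Data needs the passphrase; boot files and the disk can still be altered.
        echo encrypted
    elif [ "$(root_password_state "$1")" != set ] && ! grub_password_set "$2"; then
        # The case in the question: recovery mode reaches a root shell unprompted.
        echo recovery-open
    else
        # Boot path is gated, but a live USB still reads the unencrypted disk.
        echo offline-readable
    fi
}

# Run against the live system only when asked (reading /etc/shadow needs root).
if [ "${1:-}" = "--live" ]; then
    assess /etc/shadow /boot/grub/grub.cfg /etc/crypttab
fi
```

Only the `encrypted` verdict protects data at rest against someone holding the machine; the other two differ in how much effort the bypass takes, not in whether it is possible.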