A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Grub | Gnu | - (including) | - (including) |
| Grub2 | Ubuntu | artful | * |
| Grub2 | Ubuntu | bionic | * |
| Grub2 | Ubuntu | cosmic | * |
| Grub2 | Ubuntu | devel | * |
| Grub2 | Ubuntu | disco | * |
| Grub2 | Ubuntu | eoan | * |
| Grub2 | Ubuntu | focal | * |
| Grub2 | Ubuntu | groovy | * |
| Grub2 | Ubuntu | hirsute | * |
| Grub2 | Ubuntu | lucid | * |
| Grub2 | Ubuntu | precise | * |
| Grub2 | Ubuntu | precise/esm | * |
| Grub2 | Ubuntu | quantal | * |
| Grub2 | Ubuntu | raring | * |
| Grub2 | Ubuntu | saucy | * |
| Grub2 | Ubuntu | trusty | * |
| Grub2 | Ubuntu | upstream | * |
| Grub2 | Ubuntu | utopic | * |
| Grub2 | Ubuntu | vivid | * |
| Grub2 | Ubuntu | vivid/ubuntu-core | * |
| Grub2 | Ubuntu | wily | * |
| Grub2 | Ubuntu | xenial | * |
| Grub2 | Ubuntu | yakkety | * |
| Grub2 | Ubuntu | zesty | * |