The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cryptsetup | Cryptsetup_project | * | 2.1.7.3-2 (including) |
| Cryptsetup | Ubuntu | artful | * |
| Cryptsetup | Ubuntu | cosmic | * |
| Cryptsetup | Ubuntu | disco | * |
| Cryptsetup | Ubuntu | eoan | * |
| Cryptsetup | Ubuntu | esm-infra-legacy/trusty | * |
| Cryptsetup | Ubuntu | esm-infra/xenial | * |
| Cryptsetup | Ubuntu | precise | * |
| Cryptsetup | Ubuntu | precise/esm | * |
| Cryptsetup | Ubuntu | trusty | * |
| Cryptsetup | Ubuntu | trusty/esm | * |
| Cryptsetup | Ubuntu | upstream | * |
| Cryptsetup | Ubuntu | vivid/stable-phone-overlay | * |
| Cryptsetup | Ubuntu | vivid/ubuntu-core | * |
| Cryptsetup | Ubuntu | xenial | * |
| Cryptsetup | Ubuntu | yakkety | * |
| Cryptsetup | Ubuntu | zesty | * |