Ability To Change Root User Password (Vulnerability?)Storing application secrets safely on LinuxForgot Password VulnerabilityHarden root remote accessroot with no passwordLinux: is sending prompt notifications on ssh logins a security measure?Root access without passwordSUID not executing as rootCan root user have access to MySQL data?An application started by the root user has root privileges?How do I verify that a user on a remote system has root access?
What ways have you found to get edits from non-LaTeX users?
Russian word for a male zebra
How to decline a wedding invitation from a friend I haven't seen in years?
sed + add word before string only if not exists
You have (3^2 + 2^3 + 2^2) Guesses Left. Figure out the Last one
Overlapping String-Blocks
Who won a Game of Bar Dice?
貧しい【まずしい】 poor 貧乏【びんぼう】な poor What's the difference?
Is it legal for a bar bouncer to confiscate a fake ID
CSV how to trim values to 2 places in multiple columns using UNIX
GroupBy operation using an entire dataframe to group values
Is it safe to change the harddrive power feature so that it never turns off?
Should I ask for an extra raise?
Is an entry level DSLR going to shoot nice portrait pictures?
Teaching a class likely meant to inflate the GPA of student athletes
Who enforces MPAA rating adherence?
Thread Pool C++ Implementation
Why does the Mishnah use the terms poor person and homeowner when discussing carrying on Shabbat?
Artificer Creativity
Let M and N be single-digit integers. If the product 2M5 x 13N is divisible by 36, how many ordered pairs (M,N) are possible?
Wooden cooking layout
I have a problematic assistant manager, but I can't fire him
Why does Sin[b-a] simplify to -Sin[a-b]?
How to trick the reader into thinking they're following a redshirt instead of the protagonist?
Ability To Change Root User Password (Vulnerability?)
Storing application secrets safely on LinuxForgot Password VulnerabilityHarden root remote accessroot with no passwordLinux: is sending prompt notifications on ssh logins a security measure?Root access without passwordSUID not executing as rootCan root user have access to MySQL data?An application started by the root user has root privileges?How do I verify that a user on a remote system has root access?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I am studying for my RHCSA exam, and one of the topics is the ability to "change a forgotten root user password." This is an official exam objective and even has official Redhat documentation.
How is this not a glaring security vulnerability? Shouldn't the ability to change a root user password not exist? I get that you need to have physical access to a machine (which makes it harder to implement) but why even have a password at all if it can just be changed like this? Is there a way to disable this 'feature' so that it cannot be changed from GRUB like this?
Can you do this in all other Linux distros as well? Or is this a Redhat exclusive ability?
linux password-reset root
edited 6 hours ago
schroeder♦
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
add a comment |
I am studying for my RHCSA exam, and one of the topics is the ability to "change a forgotten root user password." This is an official exam objective and even has official Redhat documentation.
How is this not a glaring security vulnerability? Shouldn't the ability to change a root user password not exist? I get that you need to have physical access to a machine (which makes it harder to implement) but why even have a password at all if it can just be changed like this? Is there a way to disable this 'feature' so that it cannot be changed from GRUB like this?
Can you do this in all other Linux distros as well? Or is this a Redhat exclusive ability?
linux password-reset root
edited 6 hours ago
schroeder♦
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago
add a comment |
I am studying for my RHCSA exam, and one of the topics is the ability to "change a forgotten root user password." This is an official exam objective and even has official Redhat documentation.
How is this not a glaring security vulnerability? Shouldn't the ability to change a root user password not exist? I get that you need to have physical access to a machine (which makes it harder to implement) but why even have a password at all if it can just be changed like this? Is there a way to disable this 'feature' so that it cannot be changed from GRUB like this?
Can you do this in all other Linux distros as well? Or is this a Redhat exclusive ability?
linux password-reset root
edited 6 hours ago
schroeder♦
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
I am studying for my RHCSA exam, and one of the topics is the ability to "change a forgotten root user password." This is an official exam objective and even has official Redhat documentation.
How is this not a glaring security vulnerability? Shouldn't the ability to change a root user password not exist? I get that you need to have physical access to a machine (which makes it harder to implement) but why even have a password at all if it can just be changed like this? Is there a way to disable this 'feature' so that it cannot be changed from GRUB like this?
Can you do this in all other Linux distros as well? Or is this a Redhat exclusive ability?
linux password-reset root
linux password-reset root
edited 6 hours ago
schroeder♦
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
edited 6 hours ago
schroeder♦
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
edited 6 hours ago
schroeder♦
82.8k34185222
edited 6 hours ago
schroeder♦
82.8k34185222
edited 6 hours ago
schroeder♦
82.8k34185222
82.8k34185222
asked 8 hours ago
Tobin ShieldsTobin Shields
876
asked 8 hours ago
Tobin ShieldsTobin Shields
876
asked 8 hours ago
Tobin ShieldsTobin Shields
876
876
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago
add a comment |
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago
add a comment |
1 Answer
1
active
oldest
votes
You pretty much hit the nail on the head when you said that you need physical access to the machine.
If you have physical access, you don't need to go through the official steps to reset the root password, as you can flips bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.
Disk encryption will mitigate the risk, but doesn't remove it entirely. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.
Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.
Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.
In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f211427%2fability-to-change-root-user-password-vulnerability%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You pretty much hit the nail on the head when you said that you need physical access to the machine.
If you have physical access, you don't need to go through the official steps to reset the root password, as you can flips bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.
Disk encryption will mitigate the risk, but doesn't remove it entirely. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.
Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.
Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.
In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
add a comment |
You pretty much hit the nail on the head when you said that you need physical access to the machine.
If you have physical access, you don't need to go through the official steps to reset the root password, as you can flips bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.
Disk encryption will mitigate the risk, but doesn't remove it entirely. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.
Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.
Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.
In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
add a comment |
You pretty much hit the nail on the head when you said that you need physical access to the machine.
If you have physical access, you don't need to go through the official steps to reset the root password, as you can flips bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.
Disk encryption will mitigate the risk, but doesn't remove it entirely. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.
Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.
Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.
In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
You pretty much hit the nail on the head when you said that you need physical access to the machine.
If you have physical access, you don't need to go through the official steps to reset the root password, as you can flips bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.
Disk encryption will mitigate the risk, but doesn't remove it entirely. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.
Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.
Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.
In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
answered 8 hours ago
GhedipunkGhedipunk
2,6231920
2,6231920
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f211427%2fability-to-change-root-user-password-vulnerability%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Look at KonBoot for Windows. No OS is secure under a physical attack, as mentioned in the answer.
– multithr3at3d
2 hours ago