It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password.