Pwnie Awards 2017

The 2017 Pwnie Award For Most Over-Hyped Bug

Enter 30 to shell - Cryptsetup bug

Hector Marco, Ismael Ripoll

A vulnerability in the way cryptsetup unlocks LUKS encrypted partitions allowed attackers with physical access an initrd shell. This may allow an attacker to load some non desired OS or delete data. For very special machines, like ATMs, kiosks, etc, this might be a problem.

This attack was covered in threatpost and slashdot. However, even the slashdot commenters, in their great wisdom, figured out that it wasn’t a big deal.

Not hyped excessively but does require physical access and doesn’t even get you real shell.