Finit Getty Configuration Bypass Vulnerability Allowing Unauthenticated Login

Vulnerability

Finit, a fast init system for Linux, is vulnerable in versions from 3.0-rc1 up to, but not including, 4.11. The bundled getty implementation used by the 'tty' configuration directive can bypass the standard login process, which allows a user to log in as any user without authentication. The vulnerability has been patched in version 4.11.

Impact

Exploitation of this vulnerability allows for unauthenticated login as any user, bypassing the normal authentication process.

Remediation

Users can upgrade to Finit version 4.11 or later, or use an external getty such as agetty from their distribution.
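
The following audit sketch is an added example, not code from the advisory or from the Finit project: it checks a Finit version against the affected range above and lists 'tty' directives that do not name an external getty. It assumes a 'tty' line gives either a device (a /dev/ path or @console) for the bundled getty or an absolute path to an external program such as agetty; the function names and the sample configuration are constructed for illustration.

```python
import re

# Range stated in the advisory: 3.0-rc1 up to, but not including, 4.11.
FIRST_AFFECTED = (3, 0)
FIRST_FIXED = (4, 11)

def parse_version(text):
    """Split '4.10', 'v4.10.1' or '3.0-rc1' into ((major, minor), is_prerelease)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.\d+)*(-\S+)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), m.group(3) is not None

def is_affected(version):
    release, prerelease = parse_version(version)
    if release == FIRST_FIXED and prerelease:
        return True  # assumption: a pre-release of 4.11 may lack the fix
    return FIRST_AFFECTED <= release < FIRST_FIXED

def builtin_getty_lines(config_text):
    """Return (line_number, directive) for tty lines that name no external getty."""
    hits = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "tty":
            continue
        # Skip [runlevels] and <conditions>; the next token decides (assumed syntax).
        args = [f for f in fields[1:] if f[0] not in "[<"]
        target = args[0] if args else ""
        external = target.startswith("/") and not target.startswith("/dev/")
        if not external:
            hits.append((number, " ".join(fields)))
    return hits

def audit(version, config_text):
    """List exposed tty directives, or nothing when the version is outside the range."""
    return builtin_getty_lines(config_text) if is_affected(version) else []

SAMPLE_CONFIG = """\
# constructed sample, not taken from a real system
tty [12345] /dev/ttyS0 115200 vt100 noclear
tty [2345] /sbin/agetty -L 115200 ttyAMA0 vt100
service [2345] /sbin/syslogd -n -- System log daemon
tty [12345] @console noclear
"""

if __name__ == "__main__":
    for number, directive in audit("4.10", SAMPLE_CONFIG):
        print(f"line {number}: bundled getty in use: {directive}")
```

Any line it reports on an affected version is a candidate for either remediation: upgrade to 4.11 or later, or point the directive at an external getty.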

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.