The security flaw was discovered by developers Ismael Ripoll and Hector Marco in the upstream GRUB2 packages, which did not correctly handled the backspace key when the bootloader was configured to use password protected authentication, thus allowing a local attacker to bypass GRUB’s password protection.