The new version of the GNU GRUB boot loader, 1.97.1, closes a security hole in the previous version that allowed passwords to be easily circumvented. GRUB's password protection is intended to prevent unauthorized modification of the boot parameters.

Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.

The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.

Source: https://threatpost.com/password-hole-fixed-gnu-grub-update-111009/73063/