Looks like a bug in GNU GRUB 1.97 on Ubuntu 9.10 is significantly
decreasing the viability of grub passwords. It appears that grub is
only checking the first character of the passwords, reducing the
password strength to 1.
This only affects users that have a password on grub. Physical access
to the machine (or remote KVM) is required, which makes this a lower
vulnerability. It is still recommended to update to the latest version