Ubuntu
gnome-screensaver package

Lock Screen by-pass

Bug #484072 reported by saint on 2009-11-17

262

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gnome-screensaver (Ubuntu)	Invalid	High	Ubuntu Desktop Bugs

Bug Description

Binary package hint: gdm

I upgraded from ubuntu 9.04 to 9.10. I have not had any major problems as of yet.

When my screen was locked I tried to log back in, but accidentally inserted the wrong password. So the login-prompt locks for a bit
and starts shaking, but while it was still shaking the dialogue enables, so that I can click the Cancel button, and I did. Which allowed me back in to box with no password. All I needed was a wrong password.

After this I was not able to lock the screen with ctrl + alt + L or manually through the menu. A restart of gdm (or log off and log back in) is needed to lock screen again.

See original description

Jamie Strandboge (jdstrand) on 2009-11-20

visibility:

private → public

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-11-20:

#1

Thank you for using Ubuntu and taking the time to report a bug. Are you able to reproduce this after you logout and back in?

affects:	gdm (Ubuntu) → gnome-screensaver (Ubuntu)
Changed in gnome-screensaver (Ubuntu):
assignee:	nobody → Jamie Strandboge (jdstrand)
status:	New → Incomplete

Revision history for this message

saint (saintfiends) wrote on 2009-11-20:

#2

Yes, I was able to reproduce it. Tried more than ones.
(Logout -> Log Back In -> Lock screen -> Enter Wrong password -> Hit Cancel While it's shaking)

saint (saintfiends) on 2009-11-21

description:

updated

Revision history for this message

Tomas Pospisek (tpo-deb) wrote on 2010-01-19:

#3

I am under the impression, that that this is quite a rude security problem. Anyone can log into my laptop when it's locked?

Changed in gnome-screensaver (Ubuntu):
status:	Incomplete → New

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2010-01-19:

#4

I can't reproduce this. Can anyone other than the reporter reproduce this?

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2010-01-19:

#5

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Changed in gnome-screensaver (Ubuntu):
assignee:	Jamie Strandboge (jdstrand) → Ubuntu Desktop Bugs (desktop-bugs)
importance:	Undecided → High
status:	New → Incomplete

Revision history for this message

saint (saintfiends) wrote on 2010-01-30:

#6

One of the security updates must have fixed the problem. As I cannot reproduce the error now. I will however use the base installation without the updates and try reproduce the problem if that is needed.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2010-02-05:

#7

Thanks for reporting this issue. Since you cannot reproduce it anymore, I am closing this bug. Please reopen if you can give specific steps to reproduce.

Changed in gnome-screensaver (Ubuntu):
status:	Incomplete → Invalid

Revision history for this message

saint (saintfiends) wrote on 2010-03-26:

#8

I was not able to reproduce the bug on VirtualBox, but I tried installing from the downloadable image to a new system and was able to reproduce.
But it gets fixed when security updates are installed. So the bug does exist on the default install. It is fixed now.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.