Lock screen can be bypassed when auto-login is enabled via gnome-system-tools
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
arctica-greeter (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
gnome-system-tools (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
lightdm (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
mate-screensaver (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
mate-session-manager (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
ubuntu-mate-meta (Ubuntu) |
Fix Released
|
Critical
|
Martin Wimpress |
Bug Description
16.04 LTS
=========
Hi,
My machine is set up with full-disk encryption, so it requires a password when I boot it up. Because of this I thought I would enable auto-login to avoid having to enter two passwords at boot.
When I leave my computer for short periods of time, I lock it. I thought this was working fine for a long time, but I've discovered the lock screen is actually easily bypassable when auto-login is enabled. All one has to do is click "Switch User" on the lock screen, then press "Unlock" and the computer unlocks without prompting for a password.
Perhaps this is just me being an idiot, but I thought this was secure until now. It seems like either unlocking should always require a password (otherwise what's the point of locking in the first place) or it should be made totally obvious that unlocking doesn't actually require a password (i.e. removing the password box from the lock screen when auto-login is enabled).
Thanks,
Chris
Changed in ubuntu-mate: | |
importance: | Undecided → High |
Changed in mate-session-manager (Ubuntu): | |
importance: | Undecided → High |
information type: | Private Security → Public Security |
Changed in ubuntu-mate: | |
status: | New → Confirmed |
information type: | Public Security → Private Security |
information type: | Private Security → Public Security |
Changed in lightdm (Ubuntu): | |
status: | Confirmed → Fix Committed |
tags: | added: xenial |
tags: | added: bionic focal |
no longer affects: | ubuntu-mate |
Changed in mate-session-manager (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in lightdm (Ubuntu): | |
status: | Fix Committed → Invalid |
Changed in arctica-greeter (Ubuntu): | |
status: | New → Invalid |
Changed in gnome-system-tools (Ubuntu): | |
status: | New → Confirmed |
status: | Confirmed → Triaged |
Changed in mate-screensaver (Ubuntu): | |
status: | New → Invalid |
Changed in ubuntu-mate-meta (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Critical |
assignee: | nobody → Martin Wimpress (flexiondotorg) |
Changed in ubuntu-mate-meta (Ubuntu): | |
status: | In Progress → Fix Committed |
Hi! Can I make this bug public so more developers can see it?
Thanks!