lock screen bypass

Bug #1313885 reported by Frederic BARDY
This bug affects 14 people
Affects | Status | Importance | Assigned to | Milestone
Unity | Fix Released | Critical | Irfan Fauzan |
unity (Ubuntu) | Fix Released | Critical | Marco Trevisan (Treviño) |
Trusty | Fix Released | Critical | Marc Deslauriers |
Utopic | Fix Released | Critical | Marco Trevisan (Treviño) |

Bug Description

I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04

1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available.
2 - Press ALT+F2
3 - You can execute the command you want on behalf of the logged user.

Here is a video demonstrating this bug : http://www.youtube.com/watch?v=d4UUB0sI5Fc

lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04

Ubuntu version updated on 04/28/2014

apt-cache policy unity
unity:
  Installed: 7.2.0+14.04.20140416-0ubuntu1
  Candidate: 7.2.0+14.04.20140416-0ubuntu1
  Version table:
 *** 7.2.0+14.04.20140416-0ubuntu1 0
        500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Tags: lockscreen

information type: Private Security → Public Security
Changed in unity (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
Brandon Schaefer (brandontschaefer) wrote :

I can get the dash to pop up (which is an issue), but I can't input anything into the dash. It goes to the input for the lockscreen.

Either way, the command lens shouldn't be popping up.

Changed in unity (Ubuntu):
assignee: nobody → Brandon Schaefer (brandontschaefer)
status: Confirmed → In Progress
Changed in unity:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Brandon Schaefer (brandontschaefer)
Changed in unity:
milestone: none → 7.2.1
Changed in unity:
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
assignee: Brandon Schaefer (brandontschaefer) → Marco Trevisan (Treviño) (3v1n0)
tags: added: lockscreen
Changed in unity (Ubuntu):
assignee: Marco Trevisan (Treviño) (3v1n0) → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity (Ubuntu Utopic):
assignee: Marc Deslauriers (mdeslaur) → Marco Trevisan (Treviño) (3v1n0)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Trusty):
status: In Progress → Fix Released
Marc Deslauriers (mdeslaur) wrote :
azul (azul) wrote :

I can still bypass the lockscreen by right-clicking the indicators.

In order to reproduce:

Open a Terminal
Press CTRL+ALT+L to lock the screen
Right-click the indicators some times
Type and you will enter into the terminal, not the password field

The easiest way to reproduce this is to play some music with mplayer in the terminal. If you can stop the music, skip a song etc. with your keys, press CTRL+c to quit mplayer. Now you can type whatever you want and it will be executed.

This probably affects other programs. I can even switch the terminal with the default shortcuts. I guess I could also start one with CTRL+ALT+T but I need to confirm that.

I just installed the fix above. Have not rebooted though. So that might fix it.

azul (azul) wrote :

Confirmed that CTRL+ALT+T for a new terminal works.

azul (azul) wrote :

Reboot did not fix it.

Marc Deslauriers (mdeslaur) wrote :

@azul: please file a new bug, that is likely a different issue.

Mateusz Stachowski (stachowski-mateusz) wrote :

@azul and @Marc I reported a new bug for the problem discovered by azul.

https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1314294

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.0+14.04.20140423-0ubuntu1.1

---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass (LP: #1313885)
    - debian/patches/lp1313885.patch: improve lockscreen logic in
      lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
      plugins/unityshell/src/unityshell.*.
 -- Marc Deslauriers <email address hidden> Mon, 28 Apr 2014 22:29:13 -0400

Changed in unity (Ubuntu Utopic):
status: In Progress → Fix Released
Changed in unity:
status: In Progress → Fix Committed
Changed in unity:
assignee: Marco Trevisan (Treviño) (3v1n0) → Irfan Fauzan (irfan-it2988)
Stephen M. Webb (bregma)
Changed in unity:
status: Fix Committed → Fix Released
Ariel Gerardo Crespín (thematrixnmt) wrote :

Hello.
When I tried to unlock the lockscreen, I enter with any password and with no password.
The same is when I log in my session.
My account has a very strong password made during installation.
Thanks for your help.
