Bug#433259: gdm: switched user get access to previous logged in user without a password
Josselin Mouette
joss at debian.org
Mon Jul 16 09:49:08 UTC 2007
Le lundi 16 juillet 2007 à 01:29 +0300, Martin Dimitrov a écrit :
> Package: gdm
> Version: 2.18.2-1
> Severity: critical
> Tags: security
> Justification: root security hole
>
> When loged user make a "switch user" and other user log on. After new user finish his work
> and want to log off he immediately get access to previous loged in user without need to type a password!
What method do you use to switch user? If it is in the logout menu, the
screen should be locked on the inactive screen.
Is gnome-screensaver or xscreensaver installed?
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
More information about the pkg-gnome-maintainers
mailing list