Bug#721388: gdm3: anyone can change the user's next session
bigon at debian.org
Mon Sep 9 15:26:30 UTC 2013
Le Mon, 2 Sep 2013 11:02:11 +0200,
Vincent Lefevre <vincent at vinc17.net> a écrit :
> Control: retitle -1 gdm3: anyone can change the user's next session
> in a more-or-less hidden way
> I've found the problem: someone has apparently changed my next session
> while I wasn't here. This is some kind of security problem: someone
> has more rights that he should have.
So if I understood correctly:
1) A "rogue" user has selected your user in the list and then changed
your session to something else.
2) When you arrived in front of the screen you saw that your user was
already selected and then you just typed your password
3) You were logged in using the wrong session.
Is that correct?
More information about the pkg-gnome-maintainers