*** This bug is a security vulnerability ***

Public security bug reported:

Test Case
=========
Steps to Reproduce:
1. Enable Automatic Login for your account
2. Reboot
3. Lock screen
4. Click on the "log in as another user" button below the password prompt.

Actual results:
The screen unlocks without a password being entered.

Expected results:
A selection of other accounts is shown.

Other Info
==========
Cherry-picking this commit:
https://git.gnome.org/browse/gdm/commit/?id=16f646

Introduced in
https://git.gnome.org/browse/gdm/commit/?id=ff98b28

Therefore, this should only affect Ubuntu 17.04. Ubuntu GNOME was the
only Ubuntu flavor to ship GDM by default in 17.04.

https://security-tracker.debian.org/tracker/CVE-2017-12164

** Affects: gdm3 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: artul

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12164

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1729354

Title:
  17.04: GDM lock screen can be circumvented when autologin is set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1729354/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
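
Step 1 of the test case makes automatic login a precondition for the bypass. The following is an added example, not part of the original report or of GDM: a shell function that reads a GDM configuration file and reports whether automatic login is enabled in its [daemon] section. The path /etc/gdm3/custom.conf and the accepted truthy values ("true", "1") are assumptions about the Ubuntu gdm3 package, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: does this host meet the bug's precondition (GDM autologin)?

# gdm_autologin_user FILE
# Prints the AutomaticLogin user and returns 0 if the [daemon] section enables
# automatic login, returns 1 if it does not, 2 if FILE is unreadable.
gdm_autologin_user() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }                      # commented-out defaults
        /^[ \t]*\[/ {                            # section header, e.g. [daemon]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sec)
            next
        }
        sec == "daemon" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "AutomaticLoginEnable") enabled = tolower(val)
            if (key == "AutomaticLogin") user = val
        }
        END {
            # Assumption: GDM treats "true" (any case) and "1" as enabled.
            if (enabled == "true" || enabled == "1") {
                print (user == "" ? "(unset)" : user)
                exit 0
            }
            exit 1
        }
    ' "$1"
}

# Constructed sample file (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[daemon]
#  AutomaticLoginEnable = false
AutomaticLoginEnable = True
AutomaticLogin = alice
EOF
if user=$(gdm_autologin_user "$sample"); then
    echo "autologin enabled for '$user': lock screen bypass precondition met"
fi
rm -f "$sample"
# On a real system: gdm_autologin_user /etc/gdm3/custom.conf  (assumed path)
```

A return status of 0 only means the precondition from step 1 is present; whether the installed gdm3 build carries the fix commit has to be checked separately.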
