#6 Chris quote: 4. Go to "System" -> "Administration" -> "Users and Groups". 5. Change password from "Asked on logon" to "Not asked on logon". 6. Lock your machine. 7. Press "Switch User". 8. Observe no password is required to unlock as the current user.
I confirm this issue on Ubuntu Mate 20.04.0 in a virtual machine. I can reproduce it each times. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1706770 Title: Lock screen can be bypassed when auto-login is enabled. Status in Ubuntu MATE: Confirmed Status in lightdm package in Ubuntu: Fix Committed Status in mate-session-manager package in Ubuntu: Confirmed Bug description: 16.04 LTS ========= Hi, My machine is set up with full-disk encryption, so it requires a password when I boot it up. Because of this I thought I would enable auto-login to avoid having to enter two passwords at boot. When I leave my computer for short periods of time, I lock it. I thought this was working fine for a long time, but I've discovered the lock screen is actually easily bypassable when auto-login is enabled. All one has to do is click "Switch User" on the lock screen, then press "Unlock" and the computer unlocks without prompting for a password. Perhaps this is just me being an idiot, but I thought this was secure until now. It seems like either unlocking should always require a password (otherwise what's the point of locking in the first place) or it should be made totally obvious that unlocking doesn't actually require a password (i.e. removing the password box from the lock screen when auto-login is enabled). Thanks, Chris To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-mate/+bug/1706770/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp