Dammit! I cant believe this level of lack of security could happen in this project. WHAT A SHAME!
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1706770 Title: Lock screen can be bypassed when auto-login is enabled. Status in Ubuntu MATE: Confirmed Status in lightdm package in Ubuntu: Fix Committed Status in mate-session-manager package in Ubuntu: Confirmed Bug description: 16.04 LTS ========= Hi, My machine is set up with full-disk encryption, so it requires a password when I boot it up. Because of this I thought I would enable auto-login to avoid having to enter two passwords at boot. When I leave my computer for short periods of time, I lock it. I thought this was working fine for a long time, but I've discovered the lock screen is actually easily bypassable when auto-login is enabled. All one has to do is click "Switch User" on the lock screen, then press "Unlock" and the computer unlocks without prompting for a password. Perhaps this is just me being an idiot, but I thought this was secure until now. It seems like either unlocking should always require a password (otherwise what's the point of locking in the first place) or it should be made totally obvious that unlocking doesn't actually require a password (i.e. removing the password box from the lock screen when auto-login is enabled). Thanks, Chris To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-mate/+bug/1706770/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
