[Bug 881147] [NEW] alt+f7 gain full access to a password protected account

Goldy 881147 at bugs.launchpad.net
Mon Oct 24 22:59:45 UTC 2011


*** This bug is a security vulnerability ***

Public security bug reported:

On Ubuntu 10.04, I choose System > Disconnect > Switch User,
then at the login screen I click Ctrl+Alt+F4 to get a command line over a black screen. The problem: clicking Alt+F7 redirects back to my password 'protected' desktop WITHOUT entering a password!

How is it possible and how can I fix it?

Description:	Ubuntu 10.04.3 LTS
Release:	10.04

apt-cache policy login
login:
  Installed: 1:4.1.4.2-1ubuntu2
  Candidate: 1:4.1.4.2-1ubuntu2.2

I expect to go back to the login screen, NOT skipping the password. The
whole idea of a password is to protect the data...

P.S.
I can't use "lock screen" because it eventually freezes my desktop, & the only release is the "reset" button.

** Affects: shadow (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: login-screen password security

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/881147
