[Bug 1777415] Re: Local authorization bypass by using suspend mode
Jarno Suni
1777415 at bugs.launchpad.net
Fri Jul 20 10:49:51 UTC 2018
Seth, what do you mean by Xfce's screenslocking package? Ubuntu Mate
18.04 does not contain light-locker package by default:
http://cdimage.ubuntu.com/ubuntu-mate/releases/18.04/release/ubuntu-
mate-18.04-desktop-amd64.manifest
What is the screenlocking package for Mate?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1777415
Title:
Local authorization bypass by using suspend mode
Status in Unity:
New
Status in pam package in Ubuntu:
Confirmed
Status in unity package in Ubuntu:
Confirmed
Bug description:
Version: Ubuntu 16.04.04 LTS Desktop, all packets are updated at 15.06.2018
Affects: access to latest user opened applications, that can contain sensitive information (documents, private information, passwords, etc.)
How to reproduce:
1. open some applications (LibreOffice, browsers, editors, ...)
2. go to suspend mode
3. extract hard drive
4. wake up
5. after that can be several behaviors:
* Ubuntu show lock screen. Enter ANY password -> access granted.
* Ubuntu show lock screen. Enter ANY password, access denied. Fast press the hardware shutdown button -> access granted.
* Ubuntu does not show lock screen, only black screen. We can repeat actions like in previous paragraphs
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1777415/+subscriptions
More information about the foundations-bugs
mailing list