You have been subscribed to a public bug:
Ubuntu 12.04.1 64 bit: I have found what appears to be a potentially serious
security issue in a multi-user situation (e.g. a computer lab, etc.). If user1
is using XFCE and the switchuser applet is used to switch to user2 in Unity,
then if user2 picks to switchuser from Unity back to user1, it opens the
previous XFCE session for user1 without any password needed. Hopefully this
description makes sense. I have checked and this is reproduced each time.
Here is a simple summary when using the switchuser functions:
user1-XFCE to user2-Unity = user2-password required
user2-Unity back to user1-XFCE = NO password required (SECURITY RISK, user1
account could be compromised)
** Affects: xscreensaver (Ubuntu)
Importance: Undecided
Status: New
--
Switchuser from user1 in Unity back to other user2 in XFCE opens user2 session
with no password needed
https://bugs.launchpad.net/bugs/1073770
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xscreensaver in Ubuntu.