** Changed in: ubuntu-mate
Status: New => Confirmed
** Information type changed from Public Security to Private Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1706770
Title:
Lock screen can be bypassed when auto-login is enabled.
Status in Ubuntu MATE:
Confirmed
Status in lightdm package in Ubuntu:
Confirmed
Status in mate-session-manager package in Ubuntu:
Confirmed
Bug description:
16.04 LTS
=========
Hi,
My machine is set up with full-disk encryption, so it requires a
password when I boot it up. Because of this I thought I would enable
auto-login to avoid having to enter two passwords at boot.
When I leave my computer for short periods of time, I lock it. I
thought this was working fine for a long time, but I've discovered the
lock screen is actually easily bypassable when auto-login is enabled.
All one has to do is click "Switch User" on the lock screen, then
press "Unlock" and the computer unlocks without prompting for a
password.
Perhaps this is just me being an idiot, but I thought this was secure
until now. It seems like either unlocking should always require a
password (otherwise what's the point of locking in the first place) or
it should be made totally obvious that unlocking doesn't actually
require a password (i.e. removing the password box from the lock
screen when auto-login is enabled).
Thanks,
Chris
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-mate/+bug/1706770/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
