*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Binary package hint: vinagre
When a user is logged in, I can enable the remote desktop AND disable
the 'you must confirm each access to this machine' without being asked
for a password.
In this way, I can change the settings when the user is logged in (I use
auto-login in ubuntu, so that's very easy), get his/her ip adress and
sneak into this machine when the machine is online, without any
knowlegde from the user!
shouldn't there be asked for the root password for security?
** Affects: vinagre (Ubuntu)
Importance: Undecided
Status: New
** Tags: security vinagre
--
vinagre should ask root password to make changes in settings
https://bugs.edge.launchpad.net/bugs/686535
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
