*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
Ubuntu 12.10 with Unity desktop.
gnome-screensaver 3.6.0-0ubuntu2.
Problem:
Sometimes, when switching users, it is possible to see the contents of another
user's desktop, as well as any windows they may have open, WITHOUT entering
their password first.
Steps to reproduce:
This requires a computer which has at least two users – let's call them A and B.
1. Log in as user A.
2. Start a few applications, just to have some windows open on the desktop.
3. From the session menu, switch to user B and log in.
4. Start at least one application that will put the computer under high load
for a while.
5. From the session menu, switch to user A again.
What is expected to happen:
A password prompt window is shown, on a clean background.
What actually happens:
A's desktop, and the windows that are open there, is visible for a brief moment
before the password prompt appears. The higher the load on the computer, the
longer the desktop is visible.
This means that if several users are logged into a computer, one of them
can see what the others are doing without entering their password. This
is a breach of security.
** Affects: gnome-screensaver (Ubuntu)
Importance: Undecided
Status: New
--
When switching users, desktop is visible before password is entered
https://bugs.launchpad.net/bugs/1101790
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
