>From what I've understood you've done the following : You are logged in as xy, then choose the "Switch user" option of the session logout box which point you to a new gdm greeter. At this point you entered a login, pressed enter and choose the "Remote login Via XDMCP" option. The X server reloaded and you saw the XDMCP box with a Cancel button, clicking on it closed the XDMCP box and instead of reloading gdm and have a clean greeter you were redirected back to tty7 which was the xy's session from where you started.
So if the above is correct, it's not a real security issue as it'd have been if you had been able to login into someone else session which wasn't already opened, the problem is more on why didn't gnome- screesaver started on that session and locked the screen as it should (I wasn't able to reproduce this bug as after clicking on Cancel I was brought back on my Gnome-Screensaver asking for my password). Is the above correct ? If yes can you create a blank account and try again, to see if that's a gnome-screensaver configuration issue ? -- On server login user can hack https://bugs.launchpad.net/bugs/124269 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
