*** This bug is a security vulnerability *** Public security bug reported:
I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04 1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available. 2 - Press ALT+F2 3 - you can execute the command you whant on behalf of the logged user. Here is a video demonstrating this bug : http://www.youtube.com/watch?v=d4UUB0sI5Fc lsb_release -rd Description: Ubuntu 14.04 LTS Release: 14.04 Ubuntu version updated the 04/28/2014 apt-cache policy unity unity: Installed: 7.2.0+14.04.20140416-0ubuntu1 Candidate: 7.2.0+14.04.20140416-0ubuntu1 Version table: *** 7.2.0+14.04.20140416-0ubuntu1 0 500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status ** Affects: unity (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1313885 Title: lock screen bypass To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
