debdiff attached
** Patch added: "gdm3-autologin-lp1729354.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1729354/+attachment/5001922/+files/gdm3-autologin-lp1729354.debdiff
** Changed in: gdm3 (Ubuntu)
Status: New => Confirmed
** Bug watch added: GNOME Bug Tracker #783779
https://bugzilla.gnome.org/show_bug.cgi?id=783779
** Also affects: gdm via
https://bugzilla.gnome.org/show_bug.cgi?id=783779
Importance: Unknown
Status: Unknown
** Description changed:
Test Case
=========
Steps to Reproduce:
- 1. Enable Automatic Login for your account
- 2. Reboot
- 3. Lock screen
- 4. Click on the log in as another user button below the password prompt.
+ 1. From Ubuntu GNOME 17.04, open the Settings app.
+ 2. Click User Accounts then Unlock then turn on Automatic Login for your
account
+ 3. Reboot
+ 4. Lock screen (there is a lock button in the system status menu in the right
of the top bar)
+ 5. Click the log in as another user button below the password prompt.
Actual results:
The screen unlocks without a password being entered.
Expected results:
A selection of other accounts is shown.
Other Info
==========
Cherry-picking this commit:
https://git.gnome.org/browse/gdm/commit/?id=16f646
Introduced in
https://git.gnome.org/browse/gdm/commit/?id=ff98b28
Therefore, this should only affect Ubuntu 17.04. Ubuntu GNOME was the
only Ubuntu flavor to ship GDM by default in 17.04.
https://security-tracker.debian.org/tracker/CVE-2017-12164
** Tags removed: artul
** Tags added: zesty
** Description changed:
Test Case
=========
Steps to Reproduce:
1. From Ubuntu GNOME 17.04, open the Settings app.
2. Click User Accounts then Unlock then turn on Automatic Login for your
account
3. Reboot
4. Lock screen (there is a lock button in the system status menu in the right
of the top bar)
5. Click the log in as another user button below the password prompt.
Actual results:
The screen unlocks without a password being entered.
Expected results:
A selection of other accounts is shown.
+ Testing Done
+ ============
+ I confirmed that the test case succeeds with a locally built package using
the provided debdiff.
+
Other Info
==========
Cherry-picking this commit:
https://git.gnome.org/browse/gdm/commit/?id=16f646
Introduced in
https://git.gnome.org/browse/gdm/commit/?id=ff98b28
Therefore, this should only affect Ubuntu 17.04. Ubuntu GNOME was the
only Ubuntu flavor to ship GDM by default in 17.04.
https://security-tracker.debian.org/tracker/CVE-2017-12164
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729354
Title:
17.04: GDM lock screen can be circumvented when autologin is set
To manage notifications about this bug go to:
https://bugs.launchpad.net/gdm/+bug/1729354/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
