CVE-2019-3825
gdm: lock screen bypass when timed login is enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
Se ha descubierto una vulnerabilidad en gdm en versiones anteriores a la 3.31.4. Cuando el inicio de sesión temporal está habilitado en la configuración, un atacante podría omitir la pantalla de bloqueo, seleccionando el usuario de inicio de sesión temporal y esperando a que se agote el tiempo. En ese momento, obtendría acceso a la sesión del usuario que ha iniciado sesión.
A vulnerability was discovered in gdm when timed login is enabled in configuration. An attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire at which time they would gain access to the logged-in user's session.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-02-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3892-1 | 2019-10-09 | |
https://access.redhat.com/security/cve/CVE-2019-3825 | 2020-04-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1672825 | 2020-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | < 3.31.4 Search vendor "Gnome" for product "Gnome Display Manager" and version " < 3.31.4" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
|