CVE-2013-4143

Name of the Vulnerable Software and Affected Versions xlockmore versions prior to 5.43

Description The issue arises from the checkPasswd and checkGroupXlockPasswds functions not properly handling NULL values returned by the crypt or dispcrypt function, as implemented in glibc 2.17 and later. This allows attackers to bypass the screen lock through vectors related to invalid salts. The vulnerability can be exploited locally, potentially leading to unauthorized access to protected information.

Recommendations For versions prior to 5.43, update to version 5.43 or later to resolve the issue. As a temporary workaround, consider disabling the checkPasswd and checkGroupXlockPasswds functions until a patch is available. Restrict access to the screen lock feature to minimize the risk of exploitation.