PT-2019-5287 · Gnome+7 · Gdm+7

Burghard Britzke

Published

2019-02-06

Updated

2024-06-15

CVE-2019-3825

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions gdm versions prior to 3.31.4

Description A vulnerability was discovered in gdm that allows an attacker to bypass the lock screen when timed login is enabled. By selecting the timed login user and waiting for the timer to expire, an attacker could gain access to the logged-in user's session. The issue is related to insufficient authentication in the Gnome Display Manager, which could allow an attacker to obtain unauthorized access to protected information.

Recommendations For gdm versions prior to 3.31.4, update to version 3.31.4 or later to resolve the issue. As a temporary workaround, consider disabling the timed login feature until a patch is available. Restrict access to the lock screen to minimize the risk of exploitation. Avoid using the timed login user selection feature in the affected gdm versions until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALSA-2020:1766

ALSA-2020_1766

ALT-PU-2019-1322

ALT-PU-2019-1456

BDU:2020-02203

CESA-2020_1766

CVE-2019-3825

ELSA-2020-1766

OESA-2021-1044

OPENSUSE-SU-2019:0310-1

OPENSUSE-SU-2019_0310-1

OPENSUSE-SU-2024:10780-1

RHSA-2020:1766

RHSA-2020_1766

RLSA-2020:1766

RLSA-2020_1766

SUSE-SU-2019:0527-1

SUSE-SU-2019_0527-1

USN-3892-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Gdm

PT-2019-5287 · Gnome+7 · Gdm+7

CVE-2019-3825

Weakness Enumeration

Related Identifiers

Affected Products

References · 131