Vigil@nce: GNOME, unlocking gnome-screensaver
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can stop gnome-screensaver while the authentication window shakes, in order to access the user’s session.
Consequences: user access/rights
Provenance: user console
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/02/2010
Unix - platform
DESCRIPTION OF THE VULNERABILITY
The gnome-screensaver program locks the screen and displays a drawing.
When the user enters an invalid password five times, the authentication window shakes. However, during this visual effect, an attacker can keep pressing the Enter key in order to stop gnome-screensaver.
A local attacker can therefore stop gnome-screensaver while the authentication window shakes, in order to access the user’s session.
Identifiers: 598476, BID-38211, VIGILANCE-VUL-9446