Vigil@nce - XScreenSaver: no locking in Blank Screen Only
June 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When XScreenSaver is configured in Blank Screen Only mode, without
DPMS, the screen does not lock.
Severity: 1/4
Creation date: 07/06/2011
IMPACTED PRODUCTS
- Unix - platform
DESCRIPTION OF THE VULNERABILITY
The XScreenSaver screen saver has several modes:
– Blank Screen Only
– Random Screen Saver
– etc.
The DPMS (Display Power Management Signaling) feature is used to
switch off the screen when it is idle.
However, when DPMS is disabled and XScreenSaver starts in
"Blank Screen Only" mode, an internal error occurs and XScreenSaver
stops.
When XScreenSaver is configured in Blank Screen Only mode, without
DPMS, the screen therefore does not lock. An attacker with
physical access to the screen can thus access the victim’s
session.
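Added example (not part of the Vigil@nce bulletin): a shell check that flags a user configuration combining Blank Screen Only with DPMS disabled. It assumes the usual ~/.xscreensaver file with "mode:" and "dpmsEnabled:" keys, which the bulletin does not name, and treats a missing dpmsEnabled entry as disabled; the sample files are constructed.

```shell
#!/bin/sh
# Added example: flag the configuration described in this bulletin
# (mode "blank" with DPMS disabled). The key names follow the usual
# ~/.xscreensaver format (assumption; the bulletin does not list them).

# Print the value of key $2 in file $1 (last occurrence wins), lowercased.
xss_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print "AFFECTED" and return 0 when the file selects Blank Screen Only
# without DPMS; print "ok" and return 1 otherwise; return 2 if unreadable.
xss_check() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    mode=$(xss_get "$conf" mode)
    dpms=$(xss_get "$conf" dpmsEnabled)
    # A missing dpmsEnabled entry is treated as disabled (conservative assumption).
    if [ "$mode" = "blank" ] && [ "$dpms" != "true" ]; then
        echo "AFFECTED"
        return 0
    fi
    echo "ok"
    return 1
}

# Constructed sample configurations, written to a temporary directory.
tmp=$(mktemp -d)
printf 'mode:\t\tblank\ndpmsEnabled:\tFalse\nlock:\t\tTrue\n' > "$tmp/blank_no_dpms"
printf 'mode:\t\tblank\ndpmsEnabled:\tTrue\nlock:\t\tTrue\n'  > "$tmp/blank_dpms"
printf 'mode:\t\trandom\ndpmsEnabled:\tFalse\nlock:\t\tTrue\n' > "$tmp/random_no_dpms"

for f in blank_no_dpms blank_dpms random_no_dpms; do
    printf '%s: %s\n' "$f" "$(xss_check "$tmp/$f")"
done
rm -rf "$tmp"
```

To audit a real account, call xss_check "$HOME/.xscreensaver"; an AFFECTED result means the settings match the case in which the bulletin says the screen does not lock.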
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/XScreenSaver-no-locking-in-Blank-Screen-Only-10720