Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When XScreenSaver is configured in Blank Screen Only mode, without
DPMS, the screen does not lock.

Severity: 1/4

Creation date: 07/06/2011

IMPACTED PRODUCTS
- Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The XScreenSaver screen saver has several modes:
– Blank Screen Only
– Random Screen Saver
– etc.

The DPMS (Display Power Management Signaling) feature is used to
switch off the screen when it is idle.

However, when DPMS is disabled, if XScreenSaver starts in mode
"Blank Screen Only" an internal error occurs, and XScreenSaver
stops.

When XScreenSaver is configured in Blank Screen Only mode, without
DPMS, the screen therefore does not lock. An attacker with a
physical access to the screen can thus access to the victim’s
session.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/XScreenSaver-no-locking-in-Blank-Screen-Only-10720