A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 | Exploit Issue Tracking Mitigation Third Party Advisory |
https://usn.ubuntu.com/3892-1/ | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 | Exploit Issue Tracking Mitigation Third Party Advisory |
https://usn.ubuntu.com/3892-1/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 - Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://usn.ubuntu.com/3892-1/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 6.3 |
Information
Published : 2019-02-06 20:29
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3825
Mitre link : CVE-2019-3825
CVE.ORG link : CVE-2019-3825
JSON object : View
Products Affected
gnome
- gnome_display_manager
canonical
- ubuntu_linux
redhat
- enterprise_linux
CWE
CWE-287
Improper Authentication