Screen Locking Bypass in Gnome Screensaver by GNOME
CVE-2010-0422

Currently unrated

Key Information:

Vendor: Gnome
Status: Screensaver
Vendor: CVE Published:; 24 February 2010

What is CVE-2010-0422?

The vulnerability in gnome-screensaver 2.28.x prior to 2.28.3 fails to synchronize the state of screen locking with the unlock dialog when the number of monitors changes. This flaw permits an attacker, situated near an unattended workstation, to circumvent the screen lock by repeatedly connecting and disconnecting monitors, thus facilitating unauthorized access.

References

https://bugzilla.redhat.com/show_bug.cgi?id=564464

x_refsource_CONFIRM

https://bugzilla.gnome.org/show_bug.cgi?id=609789

x_refsource_CONFIRM

http://marc.info/?l=oss-security&m=126601292400764&w=2

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2010
Vulnerability Reserved
Jan 27, 2010