Screen Lock Circumvention in Plasma-workspace by KDE
CVE-2016-2312

6.8MEDIUM

Key Information:

Vendor

Kde

Status
Kscreenlocker
Plasma-workspace
Vendor
CVE Published:
23 December 2016

What is CVE-2016-2312?

A vulnerability exists in KDE's Plasma-workspace that can inadvertently allow the lock screen to bypass the intended security protocols. Specifically, when all screens are turned off while the lock screen is activated, reactivating a screen can result in an unintended state where the system is unlocked. This could potentially expose sensitive information and compromise user privacy. The issue is related to the interaction between Plasma-workspace and kscreenlocker, and it affects versions up to and including 5.6.

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
https://bugs.kde.org/show_bug.cgi?id=358125
x_refsource_MISC
https://www.kde.org/info/security/advisory-20160209-1.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.