CVE-2017-12164

4.1MEDIUM

Key Information:

Vendor: Gnome
Status: Gdm
Vendor: CVE Published:; 26 July 2018

Summary

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Affected Version(s)

gdm 3.24.1

References

https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164

x_refsource_CONFIRM

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Aug 1, 2017