Screen Lock Bypass in MATE Desktop Environment's Screensaver
CVE-2018-20681

6.1MEDIUM

Key Information:

Vendor

Mate-desktop

Status
Mate-screensaver
Vendor
CVE Published:
9 January 2019

What is CVE-2018-20681?

The mate-screensaver in the MATE Desktop Environment prior to version 1.20.2 is susceptible to an exploit that enables unauthorized individuals to bypass screen locking protections. By physically tampering with external output devices such as HDMI or VGA connections, an attacker may uncover the screen content of a locked session. In certain situations, this vulnerability also permits the attacker to interact with applications on the locked screen, potentially leading to unauthorized control and manipulation of sensitive information.

References

https://github.com/mate-desktop/mate-screensaver/pull/167
x_refsource_MISC
https://github.com/mate-desktop/mate-screensaver/issues/170
x_refsource_MISC
https://github.com/mate-desktop/mate-screensaver/issues/152
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.