oss-sec mailing list archives
Re: cinnamon-screensaver lock bypass (tested on Fedora 20)
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 13 Feb 2014 17:13:45 +1100
On 02/12/2014 08:48 PM, Clemens Fries wrote:
Hello, It is possible to circumvent the screen lock on a cinnamon session under Fedora 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume that this is not limited to the version shipped with Fedora. Steps to reproduce: * Start cinnamon session * Lock the screen (Ctrl+Alt+L) * Press the 'Menu' key on the keyboard * A menu appears for a brief moment * Press 'Escape' * Focus is now beneath the screensaver * Press Alt+F2 * Start 'gnome-terminal' * Type 'killall cinnamon-screensaver' Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at bugzilla.redhat.com, but it seems this has not been reported. I also tested this on a second machine with the same outcome.
Thanks for report and testing! Filed https://bugzilla.redhat.com/show_bug.cgi?id=1064695 for this issue.
Cheers, -- Murray McAllister / Red Hat Security Response Team
Current thread:
- cinnamon-screensaver lock bypass (tested on Fedora 20) Clemens Fries (Feb 12)
- Re: cinnamon-screensaver lock bypass (tested on Fedora 20) cve-assign (Feb 12)
- Re: cinnamon-screensaver lock bypass (tested on Fedora 20) Murray McAllister (Feb 12)