Bug 330526

Summary: Any password will be accepted on the third virtual session
Product: [Unmaintained] kscreensaver
Reporter: Mester <l.mester>
Component: general
Assignee: kscreensaver bugs tracking <kscreensaver-bugs-null>
Status: RESOLVED WORKSFORME
Severity: critical
CC: l.mester
Priority: NOR
Version First Reported In: 4.11.3
Target Milestone: ---
Platform: Debian testing
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Mester 2014-01-29 07:33:03 UTC
With the screen locked, activating the 'unlock screen' widget and entering any password (even nothing) unlocks the screen.

Reproducible: Always

Steps to Reproduce:
1. Let screen lock (through timeout or per lock-button)
2. Enter any password
3. Screen is unlocked



One may lose data if anyone is able to unlock your screen; that's why the critical severity.
Comment 1 Mester 2014-01-30 07:09:11 UTC
Forgot to mention something which is needed to reproduce this bug:
You need to start 2 new sessions. The third one (VT:9) will accept any password, even -nothing-.
Comment 2 Mester 2014-06-10 12:38:55 UTC
It seems that one user could log in without a password. Changing the pass resolved the problem, or at least I cannot reproduce it any more.

Thanks.