330526 – Any password will be accepted on the third virtual session

Bug 330526 - Any password will be accepted on the third virtual session

Summary: Any password will be accepted on the third virtual session

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	kscreensaver
Classification:	Unmaintained
Component:	general (other bugs)
Version First Reported In:	4.11.3
Platform:	Debian testing Linux

Importance:	NOR critical
Target Milestone:	---
Assignee:	kscreensaver bugs tracking

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-01-29 07:33 UTC by Mester
Modified:	2014-06-10 12:38 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Mester 2014-01-29 07:33:03 UTC

with the screen locked, activating the 'unlock screen'-widget and entering any (even nothing) password the screen unlocks.

Reproducible: Always

Steps to Reproduce:
1.let screen lock (through timeout or per lock-button)
2.enter any password
3.screen is unlocked



One may loose data if anyone is able to unlock your screen, that's why the critical severity.

Comment 1 Mester 2014-01-30 07:09:11 UTC

Forgot to mention something which is needed to reproduce this bug:
 you need to start 2 new sessions. The third one (VT:9) will accept any password, even -nothing-.

Comment 2 Mester 2014-06-10 12:38:55 UTC

It seems that one user could log in without a password. Changing the pass reaolved the problem, or at least i cannot reproduce it any more.

Thanks.