Bypassing Lock Screen in gdm with Timed Login Vulnerability

Bypassing Lock Screen in gdm with Timed Login Vulnerability

CVE-2019-3825 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

Learn more about our User Device Pen Test.