• Lock Screen vulnerability


    After logging in, if you lock the screen an attacker could press Ctrl + Alt + F1 to gain full access to your account without a password.

    Edit: Fixed Key

  • Mmmm??? no, this NIck Webster has nothing to do apart from enjoying scaring people.
    Please can a moderator remove his post, because now everyone is locking the screen and pressing Ctrl + Alt + 1 to check. Very stupid and no funny at all.
    :rage4:

    Intel NUC D54250WYK, 16 Gb RAM, 1 Tb SSD
    Multi -boot (no MS-Win &no UEFI) Legacy MBR with GPT

  • @ant77 Unfortunately, he’s not kidding. He got the keys wrong, if you experience the bug, just going to another console with CTRL+Alt+F1 you’ll be back again to your session.

    https://github.com/Antergos/lightdm-webkit-theme-antergos/issues/3

  • @karasu Oh sorry and apologies to the OP. But this is yet another issue with lightdm. I’m using gdm with gnome and no problems at all.

    Intel NUC D54250WYK, 16 Gb RAM, 1 Tb SSD
    Multi -boot (no MS-Win &no UEFI) Legacy MBR with GPT

  • @karasu By the look of it for me tty1 is my active session, and tty2 is the lock screen. LightDM isn’t blocking me from switching session. Any idea for fixing it other than switching to gdm?

  • @Nick-Webster There is no easy fix for this. Its actually not a bug in LightDM. The developers have been very clear that LightDM is not a screen locker. I have a few ideas on how we can address this though I havent had time to test them yet. I don’t run GNOME on my system and this can’t be properly tested using Virtualbox. I’ll try to find some time to install GNOME and work on this soon. In the meantime I recommend using GDM if screen locking is a concern. (Something to consider is whether or not your system is ever left unattended around someone who knows enough about Linux to know they can Ctrl+Alt+F1 back to your session.)

security10 lockscreen11 Posts 6Views 1753
Log in to reply