Description
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
Issue Tracking x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=683060
Patch x_refsource_misc
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1716-1
Scores
EPSS
0.0005
EPSS Percentile
16.1%
Details
CWE
CWE-264
Status
published
Products (3)
gnome/gnome_screensaver
3.5.4
gnome/gnome_screensaver
3.5.5
gnome/gnome_screensaver
3.6.0
Published
Mar 08, 2013
Tracked Since
Feb 18, 2026