CVE-2019-3825
MEDIUM
gnome_display_manager < 3.31.4 - Unauthenticated Lock Screen Bypass via Timed Login
Title source: llm
Description
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
References (2)
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3892-1/
Exploit, Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825
Scores
CVSS v3
6.3
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
gnome/gnome_display_manager
< 3.31.4
redhat/enterprise_linux
7.0
Published
Feb 06, 2019
Tracked Since
Feb 18, 2026