CVE-2019-3825

Published: Feb 6, 2019Modified: Nov 21, 2024

6.4

Vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: NVD

Description

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

Affected (4)

Products: Gnome: Gnome Display Manager · Canonical: Ubuntu Linux · Redhat: Enterprise Linux

1 product

Gnome Display Manager

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Gnome Display Manager	Before 3.31.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825

Source: secalert@redhat.com

ExploitIssue TrackingMitigationThird Party Advisory

https://usn.ubuntu.com/3892-1/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMitigationThird Party Advisory

https://usn.ubuntu.com/3892-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.