CVE-2013-1050 — Screensaver vulnerability

CWE-2646 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 84.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Screensaver Debian Gnome-screensaver

Timeline

PublishedMar 8

Latest updateMay 17

Description

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDgnome/gnome_screensaver3.5.4, 3.5.5, 3.6.0+2

▶debiandebian/gnome-screensaver

🔴Vulnerability Details

GHSA

GHSA-wxh9-j377-5h7q: The default configuration in gnome-screensaver 3↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

gnome-screensaver vulnerability↗2013-02-12

▶

Debian

CVE-2013-1050: gnome-screensaver - The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the Auto...↗2013

▶

Red Hat

gnome-screensaver: fails to start automatically↗2012-08-30

▶

💬Community

Bugzilla

CVE-2013-1050 gnome-screensaver: fails to start automatically↗2013-03-08

▶