CVE-2019-3825: Improper Authentication in Display Manager

Severity
6.4 MEDIUM (NVD)
CNA: 6.3
EPSS
0.1%
top 77.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 6
Latest update: May 13

Description

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 | Impact: 5.9

Affected Packages: 2 packages

Also affects: Ubuntu Linux 18.04, 18.10, Enterprise Linux 7.0

🔴 Vulnerability Details

3
GHSA
GHSA-pfhm-wwqj-c296: A vulnerability was discovered in gdm before 3 (2022-05-13)
OSV
CVE-2019-3825: A vulnerability was discovered in gdm before 3 (2019-02-06)
CVEList
CVE-2019-3825: A vulnerability was discovered in gdm before 3 (2019-02-06)

📋 Vendor Advisories

3
Ubuntu
GDM vulnerability (2019-02-20)
Red Hat
gdm: lock screen bypass when timed login is enabled (2019-02-06)
Debian
CVE-2019-3825: gdm3 - A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled... (2019)

💬 Community

2
Bugzilla
CVE-2019-3825 gdm: lock screen bypass when timed login is enabled [fedora-all] (2019-02-06)
Bugzilla
CVE-2019-3825 gdm: lock screen bypass when timed login is enabled (2019-02-06)