Just a quick post. Xorg is the graphical server that handles the desktop environment you choose for your Linux box. A pretty big flaw was found in Xorg versions 1.11 and later that allows anyone to bypass the screen lock mechanism on xscreensaver, gscreensaver, and many others.
The key combo that allows us to bypass the password protected is: ctrl + alt + *.
It's unknown whether or not this was left there intentionally, but the issue remains unresolved.
How To:
Discover & Attack Services on Web Apps or Networks with Sparta
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
Hacking macOS:
How to Dump 1Password, KeePassX & LastPass Passwords in Plaintext
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How To:
Top 10 Things to Do After Installing Kali Linux
How To:
Hack Android Using Kali (Remotely)
How To:
Gain Complete Control of Any Android Phone with the AhMyth RAT
How To:
Target Bluetooth Devices with Bettercap
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To:
Make Your Own Bad USB
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Control Network Traffic with Evil Limiter to Throttle or Kick Off Devices
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
How To:
Discover & Attack Services on Web Apps or Networks with Sparta
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
Hacking macOS:
How to Dump 1Password, KeePassX & LastPass Passwords in Plaintext
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How To:
Top 10 Things to Do After Installing Kali Linux
How To:
Hack Android Using Kali (Remotely)
How To:
Gain Complete Control of Any Android Phone with the AhMyth RAT
How To:
Target Bluetooth Devices with Bettercap
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To:
Make Your Own Bad USB
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Control Network Traffic with Evil Limiter to Throttle or Kick Off Devices
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
6 Comments
This is pretty big, actually. They need to patch this fast.
Yeah, that means it gets around my failed password safety script :(. I have it so my HDD is wiped clean upon 3 incorrect password guesses. This kind of ruins that :/. I'm just locking the screen by going to TTY 1 and logging out. Haha. Temporary fix.
I still wont let any get near my laptop with that HDD wipe, because I might start it by accident, if this only really effects 1.11 can't you just downgrade your Xorg?
Won't that mean you will need to downgrade dependencies one by one also?
Yeah, I wouldn't bother. Just shutdown for the time being, or come up with an icky workaround.
Yes you might need to downgrade a few dependencies but if you are really worried about your security then I would recomend trying it
Share Your Thoughts