News: Flaw in the Latest Linux Graphical Server Allows Passwordless Logins

Just a quick post. Xorg is the graphical server that handles the desktop environment you choose for your Linux box. A pretty big flaw was found in Xorg versions 1.11 and later that allows anyone to bypass the screen lock mechanism on xscreensaver, gscreensaver, and many others.

The key combo that bypasses the password protection is: Ctrl + Alt + *.

It's unknown whether or not this was left there intentionally, but the issue remains unresolved.

6 Comments

This is pretty big, actually. They need to patch this fast.

Yeah, that means it gets around my failed password safety script :(. I have it so my HDD is wiped clean upon 3 incorrect password guesses. This kind of ruins that :/. I'm just locking the screen by going to TTY 1 and logging out. Haha. Temporary fix.

I still won't let anyone get near my laptop with that HDD wipe, because I might start it by accident. If this only really affects 1.11, can't you just downgrade your Xorg?

Won't that mean you will need to downgrade dependencies one by one also?

Yeah, I wouldn't bother. Just shut down for the time being, or come up with an icky workaround.

Yes, you might need to downgrade a few dependencies, but if you are really worried about your security then I would recommend trying it.
