CVE-2013-1050

medium

Description

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

References

https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4

https://bugzilla.gnome.org/show_bug.cgi?id=683060

https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126

http://www.ubuntu.com/usn/USN-1716-1

Details

Source: Mitre, NVD

Published: 2013-03-08

Updated: 2013-03-18

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium