Vulnerability Description
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
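A defender can check a host for the condition described above (timed login enabled on a gdm older than 3.31.4). The following is an added example, not code from the advisory or from the gdm project; it assumes the text of GDM's `custom.conf` and the upstream gdm version string are supplied by the caller, and the sample configuration is constructed.

```python
import configparser
import re

FIXED = (3, 31, 4)  # first fixed gdm release, per the description above

# Constructed sample of a GDM custom.conf with timed login switched on.
SAMPLE = """\
[daemon]
# AutomaticLoginEnable = true
TimedLoginEnable = true
TimedLogin = kiosk
TimedLoginDelay = 10

[security]
"""

def parse_version(text):
    """'3.28.3-0ubuntu1' -> (3, 28, 3); unparseable input -> ()."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def timed_login(conf_text):
    """Return the timed-login user if the [daemon] section enables one, else None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: GDM keys are case-sensitive
    cp.read_string(conf_text)
    if not cp.has_section("daemon"):
        return None
    flag = cp.get("daemon", "TimedLoginEnable", fallback="false").strip().lower()
    user = cp.get("daemon", "TimedLogin", fallback="").strip()
    # Timed login only takes effect when it is enabled and a user is named.
    return user if flag in ("true", "1") and user else None

def assess(conf_text, gdm_version):
    """Combine both preconditions; an unparseable version is treated as affected."""
    user = timed_login(conf_text)
    affected = parse_version(gdm_version) < FIXED
    return {
        "timed_login_user": user,
        "version_affected": affected,
        "exposed": user is not None and affected,
    }

if __name__ == "__main__":
    for version in ("3.28.3", "3.31.4"):
        print(version, assess(SAMPLE, version))
```

A host reported as exposed needs either the vendor update from the references or timed login disabled in the configuration.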
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome Display Manager | < 3.31.4 |
| Canonical | Ubuntu Linux | 18.04 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 (Exploit, Issue Tracking, Mitigation)
- https://usn.ubuntu.com/3892-1/ (Third Party Advisory)
FAQ
What is CVE-2019-3825?
CVE-2019-3825 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer ...
How severe is CVE-2019-3825?
CVE-2019-3825 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3825?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome Display Manager, Canonical Ubuntu Linux, Redhat Enterprise Linux.