GNOME Display Manager Timed Login Security Bypass Vulnerability

By GIXnews


A vulnerability in GNOME Display Manager (GDM) could allow a local attacker to bypass security restrictions on a targeted system.

The vulnerability is due to improper security restrictions imposed by the affected software when timed login is enabled. A local attacker with physical access could exploit this vulnerability by selecting the timed login user and waiting for the timer to expire on the targeted system. A successful exploit could allow the attacker to bypass security restrictions and gain access to the logged-in user’s session on the targeted system.

GNOME has confirmed the vulnerability and released software updates.
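To find hosts where the precondition described above (timed login enabled) is present, so they can be prioritized for the update, the following added example parses a GDM configuration file and reports its timed login settings. It is not part of the original advisory. The `[daemon]` keys `TimedLoginEnable`, `TimedLogin` and `TimedLoginDelay` are GDM's own; the file paths are common default locations and an assumption about the target system, and the sample configurations are constructed.

```python
import configparser
from pathlib import Path

# Common default locations (assumption; distributions differ).
CANDIDATE_PATHS = ("/etc/gdm/custom.conf", "/etc/gdm3/custom.conf",
                   "/etc/gdm3/daemon.conf")

# Constructed sample configurations, not taken from the advisory.
EXPOSED = """\
[daemon]
TimedLoginEnable=true
TimedLogin=kiosk
TimedLoginDelay=10
"""
HARDENED = """\
[daemon]
# TimedLoginEnable=true
TimedLoginEnable=false
"""

def timed_login_status(conf_text):
    """Return (enabled, user, delay) read from the [daemon] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: GDM key names are case-sensitive
    cp.read_string(conf_text)
    if not cp.has_section("daemon"):
        return (False, None, None)
    daemon = cp["daemon"]
    enabled = daemon.get("TimedLoginEnable", "false").strip().lower() in ("true", "1")
    return (enabled, daemon.get("TimedLogin"), daemon.get("TimedLoginDelay"))

def audit(paths=CANDIDATE_PATHS):
    """Return [(path, user, delay)] for each readable config with timed login on."""
    findings = []
    for p in map(Path, paths):
        try:
            enabled, user, delay = timed_login_status(p.read_text())
        except (OSError, UnicodeError, configparser.Error):
            continue  # missing, unreadable or malformed file: nothing to report
        if enabled:
            findings.append((str(p), user, delay))
    return findings

if __name__ == "__main__":
    print("sample exposed :", timed_login_status(EXPOSED))
    print("sample hardened:", timed_login_status(HARDENED))
    for path, user, delay in audit():
        print(f"{path}: timed login enabled for {user!r} after {delay}s")
```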

Security Impact Rating: Medium

CVE: CVE-2019-3825

Source: Cisco Multivendor Vulnerability Alerts