Security issue - I can bypass the password login with Caps Lock.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gksu (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When booting, if I press Caps Lock on my keyboard until the caps confirmation light turns on (this happens just after the bit in boot where it shows a load of green and white loading text), it then doesn't prompt me for a password to log in - it just logs right in with no password. I expect to have to use a password to login every time and for this to stop anyone from getting to my files, but by pressing caps lock, it boots like I have set the computer not to require login details.
Using Ubuntu 16.04 LTS
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gksu (not installed)
ProcVersionSign
Uname: Linux 4.15.0-33-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Aug 29 18:06:55 2018
InstallationDate: Installed on 2017-07-15 (409 days ago)
InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: gksu
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in gksu (Ubuntu): | |
status: | Incomplete → Invalid |
information type: | Private Security → Public Security |
Thanks for taking the time to report this bug and helping to make Ubuntu better. To help identifying the problem we need some more information. /help.ubuntu. com/community/ ReportingBugs)
Are you able to reproduce it easily?
Can you provide more information on the exact steps to reproduce it?
Is it something that appeared after an upgrade or not?
Could you also share logs after reproducing it? (for more information on how to do this, please see https:/
I appreciate your help on this!
Please feel free to report any other bugs you may find.