[Vulnerability] Password can be bypassed on locked screen with Ctrl+Alt+F7

JezerM / web-greeter-themes

Default themes for web-greeter

https://jezerm.github.io/web-greeter-themes/

7 stars 1 forks source link

[Vulnerability] Password can be bypassed on locked screen with Ctrl+Alt+F7 #3

Closed NovaAndrom3da closed 1 year ago

NovaAndrom3da commented 1 year ago

Light locker can be bypassed by switching to the open TTY of the session. A workaround could be for the user to change the default graphical TTY for X11 to one greater or equal to 13 (More than the number of default function keys)

JezerM commented 1 year ago

Thanks, but this is not related to web-greeter/nody-greeter/sea-greeter but to light-locker. Setting the default graphical TTY for X11 should be the user task or light-locker task.

Also, it is supposed that light-locker changes back to the locked TTY even if you change to TTY-7 with Ctrl+Alt+F7. If it's not doing it, then you should report it to light-locker issues.

NovaAndrom3da commented 1 year ago

Oh, okay, thanks. I thought it might have had something to do with web-greeter (btw, why did I end up putting the issue in this repo instead of the main web-greeter repo? Guess I was tired, lol 🤔).