Ubuntu
checksecurity package

logout causes login to active user

Bug #36809 reported by trorion
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
checksecurity (Ubuntu)
Invalid
Medium
Jamie Strandboge

Bug Description

I have 2 users on my system. When USER_1 logs on with gnome then selects "switch user" option from the system -> log out menu and USER_2 logs in using xfce manager (this session only) then clicks on the "log out" applet on the default xfce setup USER_2's session shuts down and immediately goes to USER_1's session without a password.

Revision history for this message
Kees Cook (kees) wrote :

Which version of Ubuntu are you using? This sounds like it may be an issue with xfce or the screensaver configuration?

Revision history for this message
trorion (trorion) wrote : Re: [Bug 36809] Re: logout causes login to active user

I'm pretty sure it was dealing with the xfce but it's a pretty bad
security issue. 2 people logged into the same computer, 1 logs out and
automatically logs in to the other user bypassing the password.

I've scrapped the old system and did a clean install and no longer have
xfce running so I can't replicate.

On Fri, 2007-03-02 at 23:23 +0000, Kees Cook wrote:
> Which version of Ubuntu are you using? This sounds like it may be an
> issue with xfce or the screensaver configuration?
>
> ** Visibility changed to: Public
>
> ** This bug has been flagged as a security issue
>

Revision history for this message
Bhavani Shankar (bhavi) wrote :

Wrap the password and user switching program itself under RCS.....:)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Is this still a problem on Gutsy?

Changed in checksecurity:
assignee: nobody → jamie-strandboge
status: New → Incomplete
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in checksecurity:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.