CVE-2019-3825

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

Published: Feb 6, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3825
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
gnome / gnome_display_manager	-	3.31.4
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	18.10	18.10.x
redhat / enterprise_linux	7.0	7.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825
https://usn.ubuntu.com/3892-1/

Vulnerability Database

290,020

CVE-2019-3825