Gnome Display Manager
CVE-2019-3825
MEDIUM
Severity by source
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
AnalysisAI
A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. Affected products include: Gnome Gnome Display Manager, Canonical Ubuntu Linux, Redhat Enterprise Linux. Version information: before 3.31.4..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Gnome Display Manager
View allgdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service v
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destr
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlin
A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authen
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a deni
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today