|Description||A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: local)|
Vulnerable and fixed packages
The table below lists information on source packages.
|stretch (security), stretch||3.22.3-3+deb9u2||vulnerable|
|bullseye, sid, buster||3.30.2-3||fixed|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
[stretch] - gdm3 <no-dsa> (Minor issue)
[jessie] - gdm3 <ignored> (Minor issue)