[Security] Bypass login screen by plugging second monitor

Steps:

  1. Laptop is closed but not turned off so just sleeping
  2. Opening laptop and shows login window
  3. Instead of entering password I plug in the second monitor
  4. This bypasses the login screen somehow and I can use the laptop normally

This doesn’t always work but I can replicate it 4 out of 5 times for sure.

1 Like

Sure. I’m aware of this issue - and several others variants of this and other issues for GNOME Screensaver and its various forks.

As you maybe aware Xorg is inherently insecure. This is one area that Wayland has been developed with security in mind.

Until upstream moves away from Xorg, the best security is to turn off you laptop after use - and use encryption to enforce a secondary logon.

1 Like

Xorg may not have been created with laptops and multi-monitors in mind but is it really an issue in Xorg only ?

Are there « usable » alternatives for gnome-screensaver in Budgie ?

No. Upstream requires that.

From 21.10 we will be using an upstream fork of gnome-screensaver due to GNOME 40 changes that now conflict with gnome-screensaver.