[Security] Bypass login screen by plugging second monitor

Steps:

  1. Laptop is closed but not turned off so just sleeping
  2. Opening laptop and shows login window
  3. Instead of entering password I plug in the second monitor
  4. This bypasses the login screen somehow and I can use the laptop normally

This doesn’t always work but I can replicate it 4 out of 5 times for sure.

2 Likes

Sure. I’m aware of this issue - and several others variants of this and other issues for GNOME Screensaver and its various forks.

As you maybe aware Xorg is inherently insecure. This is one area that Wayland has been developed with security in mind.

Until upstream moves away from Xorg, the best security is to turn off you laptop after use - and use encryption to enforce a secondary logon.

1 Like

Xorg may not have been created with laptops and multi-monitors in mind but is it really an issue in Xorg only ?

Are there « usable » alternatives for gnome-screensaver in Budgie ?

No. Upstream requires that.

From 21.10 we will be using an upstream fork of gnome-screensaver due to GNOME 40 changes that now conflict with gnome-screensaver.

Still happening on 21.10. Any news on how we can remove this.

For me the annoying thing with this is that I have my laptop closed, and I plug in second monitor. I open the laptop and it shows me the lock screen.

In the lock screen I cannot type anything its non responsive. I unplug the second monitor and instead of letting me type it just closes the lockscreen and I can use the laptop normally.

Then I replug the second monitor and it shows the unresponsive lock screen again. So to be able to use 2 monitors after this I have to restart my laptop.

I assume you mean how to resolve this. That will mean digging into the gnome-screensaver code to figure out what happens / or doesn’t happen when a monitor is disconnected.