[Security] Bypass login screen by plugging second monitor

Steps:

  1. Laptop is closed but not turned off, so just sleeping
  2. Opening the laptop shows the login window
  3. Instead of entering the password, I plug in the second monitor
  4. This bypasses the login screen somehow and I can use the laptop normally

This doesn’t always work but I can replicate it 4 out of 5 times for sure.

Sure. I’m aware of this issue - and several other variants of this and other issues for GNOME Screensaver and its various forks.

As you may be aware, Xorg is inherently insecure. This is one area that Wayland has been developed with security in mind.

Until upstream moves away from Xorg, the best security is to turn off your laptop after use - and use encryption to enforce a secondary logon.

Xorg may not have been created with laptops and multi-monitors in mind, but is it really an issue in Xorg only?

Are there « usable » alternatives for gnome-screensaver in Budgie?

No. Upstream requires that.

From 21.10 we will be using an upstream fork of gnome-screensaver due to GNOME 40 changes that now conflict with gnome-screensaver.

Still happening on 21.10. Any news on how we can remove this?

For me the annoying thing with this is that I have my laptop closed, and I plug in second monitor. I open the laptop and it shows me the lock screen.

In the lock screen I cannot type anything; it’s non-responsive. I unplug the second monitor and instead of letting me type it just closes the lock screen and I can use the laptop normally.

Then I replug the second monitor and it shows the unresponsive lock screen again. So to be able to use 2 monitors after this I have to restart my laptop.

I assume you mean how to resolve this. That will mean digging into the gnome-screensaver code to figure out what happens / or doesn’t happen when a monitor is disconnected.

In 22.04 I observe a similar and reproducible issue: with the external monitor connected and the desktop locked, simply turn off or disconnect the monitor and the desktop will be unlocked on the laptop monitor. I often find the desktop unlocked because the external monitor goes to sleep.

Same here, using 22.04.1 LTS. When the external monitor is connected and I lock the session, disconnecting the monitor unlocks the session.
If I have no monitor connected and lock the session, connecting and disconnecting a monitor unlocks the session.
Is there any progress on this since it has been reported in April 21?
There should at least be a CVE assigned, so users of Ubuntu Budgie are informed they use an insecure OS.

I’m not able to replicate this anymore on 22.04.1 LTS.