Hi! After installing Ubuntu Budgie 20.10 the following issue: When the machine is locked and the monitor turned itself of and I then remove the external monitor, the computer wakes up unlocked. I guess this is not a feature but a bug.
Sounds like an issue. Would need someone to dig into the gnome-screensaver code.
I would though say, screensavers are not security enforcing tools. Anything about the X windowing system is easily subverted by anyone on a network.
INTRODUCTION
-----------------------
In this preliminary report I will detail the discovery of a vulnerability with potentially high impact in which, with local access to the computer, allows bypassing the authentication inside a system with kernel version “Linux budgie 5.13.0-30-generic” and operating system “Ubuntu Budgie 21.10 impish” by using only a HDMI cable.
Once access is gained, we can run commands in the command terminal or browse the system files with the privileges of the last user who locked or suspended the computer.
I don’t know if it is possible to apply it to other Ubuntu variants or other different kernel versions.
REQUIREMENTS
------------------------
Operating system: Ubuntu Budgie 21.10 impish
Kernel: Linux budgie 5.13.0-30-generic
Equipment: A laptop and an external monitor. The laptop is connected via HDMI cable to the monitor. The monitor is configured as the main screen and in “join displays” or “extended” mode.
METHODOLOGY
-----------------------
First, we will turn on the laptop and then, we will log in with any user. Once we have logged in we must lock or suspend the system.
Note that once suspended or locked, if we want to unlock it, it will ask for the user’s password again. What we will do is simply disconnect the HDMI cable and we will automatically have access to the user’s desktop without having to enter the password again.
In case it does not allow us to use the keyboard, it will be enough to connect and disconnect the HDMI cable for it to work again. There may also be display errors if we start the browser or other applications, but it allows us to perform operations such as executing commands or browse and display file explorer content without any problem.
I leave attached a video showing the complete procedure:
Local authentication bypass using HDMI cable | Ubuntu Budgie 21.10 (impish) - YouTube
I leave attached this same report but in PDF improved format:
SPECIFICATIONS OF MY COMPUTER:
Operating system: Ubuntu Budgie 21.10 impish
Kernel: Linux budgie 5.13.0-30-generic
Model: LENOVO 20YGCTO1WWW