Security design flaw with "default" x-windows login behaviour
Eric Dunbar
eric.dunbar at gmail.com
Fri Nov 19 17:42:48 CST 2004
Alright, it's not _quite_ default behaviour but pretty close.
I have set my Ubuntu install to automagically login to my main account
(lets call it ericishome) after 60 seconds (System Configuration:Login
Screen Setup).
If I enter a valid username or gibberish into the username entry
field, press enter once (to get to the password entry field) and then
press enter AGAIN I am automagically logged in into the ericishome
account, regardless of what (real or fake) username I typed
beforehand.
The logical default behaviour (IMNSHO) would be for the login manager
(or whatever it's called) to throw up a normal, "your username or
password is invalid, please try again" response.
PS I didn't know where to submit such a comment so I figured here
would be the best place.
Eric.
More information about the ubuntu-devel
mailing list