The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore prior to 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows malicious users to bypass the screen lock via vectors related to invalid salts.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
david bagley xlockmore |
||
david bagley xlockmore 5.35 |
||
david bagley xlockmore 5.33 |
||
david bagley xlockmore 5.26 |
||
david bagley xlockmore 5.24 |
||
david bagley xlockmore 5.31 |
||
david bagley xlockmore 5.30 |
||
david bagley xlockmore 5.29 |
||
david bagley xlockmore 5.28 |
||
david bagley xlockmore 5.40 |
||
david bagley xlockmore 5.39 |
||
david bagley xlockmore 5.38 |
||
david bagley xlockmore 5.37 |
||
david bagley xlockmore 5.41 |
||
david bagley xlockmore 5.36 |
||
david bagley xlockmore 5.34 |
||
david bagley xlockmore 5.32 |
||
david bagley xlockmore 5.27 |
||
david bagley xlockmore 5.25 |
Vulmon