Bug 1200479

Summary: "users" allows setting/clearing fingerprint without authentication
Product: [Fedora] Fedora Reporter: Jeremy Fitzhardinge <jeremy>
Component: control-centerAssignee: Control Center Maintainer <control-center-maint>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: bnocera, control-center-maint, fmuellner, mkasik, ofourdan, oholy, rstrode, tiagomatos
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-10 16:54:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeremy Fitzhardinge 2015-03-10 16:09:08 UTC 
Description of problem:
The "users" area of settings allows fingerprint data to be set/cleared without authentication

Version-Release number of selected component (if applicable):
control-center-3.14.2-2.fc21.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Walk up to someone's session
2. Open Settings->Users
3. Set your fingerprint to log in

Actual results:
Anyone can override existing fingerprint login with their own

Expected results:
It should require the "users" panel to be unlocked before manipulating fingerprint settings.

Additional info:
Looks like this was previously reported as #827968 but was closed unfixed.
Comment 1 Bastien Nocera 2015-03-10 16:54:31 UTC 
Already been filed upstream:
https://bugzilla.freedesktop.org/show_bug.cgi?id=89407