The gnome lock screen can be unlocked without needing a password.
Steps to Reproduce:
1. Enable Automatic Login for your account
3. Lock screen
4. Click on the log in as another user button below the password prompt.
The screen unlocks without a password being entered.
A selection of other accounts is shown.
This vulnerability is a side effect of upstream https://git.gnome.org/browse/gdm/commit/?id=ff98b28, in gdm-3.24.1.
This patch is not part of gdm as shipped in RHEL 7, 6 or 5. As such, RHEL is not affected by this vulnerability.
Name: Tobias Guggenmos