The gnome lock screen can be unlocked without needing a password. Steps to Reproduce: 1. Enable Automatic Login for your account 2. Reboot 3. Lock screen 4. Click on the log in as another user button below the password prompt. Actual results: The screen unlocks without a password being entered. Expected results: A selection of other accounts is shown.
This vulnerability is a side effect of upstream https://git.gnome.org/browse/gdm/commit/?id=ff98b28, in gdm-3.24.1. This patch is not part of gdm as shipped in RHEL 7, 6 or 5. As such, RHEL is not affected by this vulnerability.
Acknowledgments: Name: Tobias Guggenmos