This is not much of a vuln, as many folks have already posted, but it's probably worth mentioning that it's in xscreensaver on (your-favourite-*nix-variant) too - the xscreensaver daemon caches your encrypted password on startup, usually on setting up your X session. If you change your passwd during an X session and xscreensaver is set to lock your display then you'll need to either stop and restart the xscreensaver daemon or remember to use the old passwd to unlock your screen until you log out that session. IMHO this is a usability issue rather than a security hole though.

--
Dave Booth, CWT-IT
dboothat_private
+---------------------------------------------------+
| Catapultam habeo. Nisi pecuniam omnem mihi dabis, |
| ad caput tuum saxum immane mittam.                |
+---------------------------------------------------+

This archive was generated by hypermail 2b30 : Wed May 01 2002 - 09:08:38 PDT