Vulnerability: Weak Screen-Unlock Passcode Allows Privileged Shell Access

Vulnerability: Weak Screen-Unlock Passcode Allows Privileged Shell Access

CVE-2022-40297 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.