Bug 103627

Summary: Ask for a password before enrolling new fingerprints
Product: libfprint Reporter: Laurent Bigonville <bigon>
Component: fprintdAssignee: libfprint-bugs
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Laurent Bigonville 2017-11-08 18:08:59 UTC 
Hi,

Before enrolling new fingerprints a password should be requested.

Otherwise it could lead to privileges escalation like the one described in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719004 if for example the laptop is not locked and left unattended.

Even if the PAM module is not added to sudo/su/... PAM services, this could lead to some attacker changing one of the login method of a user and allowing him to login later.
Comment 1 Bastien Nocera 2017-11-08 21:08:15 UTC 

*** This bug has been marked as a duplicate of bug 89407 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.