CVE-2010-0285 in screensaver
Summary
by MITRE
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/01/2026
The vulnerability described in CVE-2010-0285 affects the gnome-screensaver component across multiple versions including 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3 within the GNOME desktop environment. This issue specifically manifests when the X Window System configuration utilizes the extend screen option, creating a security gap that can be exploited by attackers who are physically present near the target workstation. The flaw represents a critical weakness in the desktop environment's session management and access control mechanisms, particularly when multiple monitors are configured in extended display mode.
The technical root cause of this vulnerability stems from how gnome-screensaver handles session locking when multiple displays are active through the X extend screen configuration. When a user locks their workstation, the screensaver should activate across all displays to prevent unauthorized access. However, the implementation fails to properly account for the extended screen setup where the primary display and secondary display are treated as separate entities. This design flaw allows an attacker to attach an external monitor to an unattended workstation while the primary screen remains locked, thereby gaining access to half of the desktop interface. The vulnerability operates at the display management layer and affects the fundamental security principle of session isolation.
The operational impact of this vulnerability is significant as it provides attackers with a straightforward method to bypass security controls without requiring sophisticated attack vectors or network access. An attacker positioned near the target workstation can simply connect an external monitor to access the unlocked portion of the desktop, potentially gaining access to sensitive information, applications, or system resources. This represents a privilege escalation scenario where unauthorized access to system resources is achieved through physical proximity rather than network-based exploitation. The attack requires minimal technical skill and can be executed in seconds, making it particularly dangerous in environments where physical security is not properly maintained.
This vulnerability aligns with CWE-284, which addresses improper access control issues in software systems. The flaw demonstrates a clear failure in implementing proper access control mechanisms when multiple display configurations are present, allowing unauthorized access to system resources. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and credential access, specifically targeting the initial access phase where attackers establish unauthorized presence on a system. The vulnerability also relates to the T1078 technique for valid accounts and T1087 for account discovery, as it allows access to potentially sensitive information that might be visible on the unlocked portion of the desktop.
Mitigation strategies for this vulnerability should include implementing proper display configuration management policies that prevent unauthorized external monitor connections, configuring gnome-screensaver to properly lock all displays in extended mode, and establishing physical security controls around workstations. System administrators should ensure that gnome-screensaver is updated to versions that properly handle extended display configurations, and that security policies require users to manually lock their sessions when connecting external displays. Additionally, organizations should implement network-level security controls and consider disabling the extend screen option in environments where security is paramount. Regular security assessments should verify that display locking mechanisms function correctly across all supported configurations, and users should be educated about the risks associated with leaving workstations unattended with external displays connected.