CVE-1999-0731
Description
Local users can bypass KDE lock screen authentication by sending malformed input to the klock program.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can bypass KDE lock screen authentication by sending malformed input to the klock program.
Vulnerability
The KDE klock program, part of the K Desktop Environment (KDE) version 1.x, contains a vulnerability that allows a local user to unlock a locked session by providing malformed input to the password entry dialog. The affected code path involves a race condition in the handling of the password dialog and its deletion, as identified in the commit that fixes the issue [1]. Versions prior to the fix are affected.
Exploitation
An attacker must have local access to a system where a session has been locked using klock. No authentication is required beyond being physically present at the locked console. The attacker interacts with the password entry dialog by sending specially crafted malformed input, which triggers the race condition and prematurely terminates or corrupts the lock dialog, allowing the session to be unlocked without the correct password [1].
Impact
Successful exploitation allows a local attacker to unlock the screen and gain full unauthorized access to the locked session. This compromises the confidentiality, integrity, and availability of the user's session, as the attacker can then interact with the desktop environment as the locked-out user [1].
Mitigation
The vulnerability is fixed in the KDE 1.x codebase by commit 04906bd, which addresses the password entry/dialog deletion race condition [1]. Users should apply the patch or upgrade to a version of KDE that includes this fix. The affected KDE 1.x versions are long past end-of-life, so users of modern systems are not impacted unless they are running an old, unsupported distribution.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
104906bd5de2fFix for password entry/dialog deletion race.
1 file changed · +1 −0
kscreensaver/saver.cpp+1 −0 modified@@ -151,6 +151,7 @@ void KPasswordDlg::keyPressed( QKeyEvent *e ) break; case Key_Return: + timer.stop(); waitForAuthentication = true; if ( tryPassword() ) emit passOk();
Vulnerability mechanics
Root cause
"The klock program fails to properly validate or sanitize malformed input, allowing a local attacker to bypass the screen lock."
Attack vector
A local attacker with physical or remote terminal access to a locked KDE session can send malformed input to the klock process. The advisory states that klock allows unlocking via malformed input, but does not specify the exact input format or delivery mechanism. The attacker must already have access to the locked session's console to deliver the malformed input.
Affected code
The vulnerability resides in the klock program within the KDE 1.x kdebase package. The patch [patch_id=424494] modifies the klock source code, but the bundle does not specify the exact file paths or function names affected.
What the fix does
The patch [patch_id=424494] modifies the klock source in the kde1-kdebase repository. While the exact diff is not shown in the bundle, the fix addresses the input validation gap that allowed malformed input to bypass the lock. The patch likely adds proper input sanitization or state checks to ensure only valid authentication sequences are accepted.
Preconditions
- authAttacker must have local access to the locked KDE session (physical console or terminal)
- inputAttacker must be able to send input to the klock process
Generated on May 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.