CVE-2018-20681
Description
A physically proximate attacker can bypass the mate-screensaver lock by unplugging and re‑plugging external displays, revealing screen content and potentially interacting with applications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A physically proximate attacker can bypass the mate-screensaver lock by unplugging and re‑plugging external displays, revealing screen content and potentially interacting with applications.
Vulnerability
In mate‑screensaver versions before 1.20.2, the screen lock can be bypassed by physically disconnecting and reconnecting external display outputs (HDMI, VGA, DVI, etc.) or by power‑cycling the monitor [1][2][3]. The vulnerability stems from the way mate‑screensaver handles the monitor‑changed signal on GdkScreen; when a display is removed and re‑added, the screensaver fails to re‑lock the session, leaving the desktop content visible and interactive [1]. The issue affects all MATE Desktop Environment users running mate‑screensaver 1.20.1 and earlier [2].
Exploitation
An attacker with physical access to the locked machine can perform the following steps: unplug the external display cable (e.g., HDMI) and plug it back in, or turn the monitor off and on again [2][3]. No authentication is required. In some cases, the attacker can also click with a mouse to interact with windows or launch new applications [3]. The lock bypass occurs because the screensaver does not properly re‑apply the lock when a monitor is added or removed [1][2].
Impact
A successful exploit allows the attacker to view the locked session’s screen content, potentially accessing sensitive information displayed on the desktop [2][3]. Moreover, the attacker may be able to interact with running applications (e.g., clicking buttons, typing into fields) or launch new ones with the same privileges as the logged‑in user, effectively compromising the session’s confidentiality and integrity [3].
Mitigation
The fix was applied in mate‑screensaver version 1.20.2, released on 2018‑08‑24 [1]. Instead of listening to monitor‑changed on GdkScreen, the fixed code listens to monitor‑added and monitor‑removed signals on GdkDisplay, making the lock reliable across dynamic monitor changes [1]. Users should upgrade to mate‑screensaver 1.20.2 or later. No workaround is available for unpatched versions; users must apply the update or avoid leaving unlocked sessions unattended with external display connections [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: mate-screensaver-1.1.0, mate-screensaver-1.10.0, mate-screensaver-1.10.1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"mate-screensaver fails to re-apply the lock screen overlay when external displays are reconnected or woken from power-save states."
Attack vector
A physically proximate attacker can bypass the screen lock by unplugging and re-plugging (or power-cycling) an external monitor connected via HDMI, VGA, DVI, or DisplayPort while the session is locked [ref_id=1]. After the monitor re-initializes, the screensaver's lock overlay is not redrawn, revealing the desktop contents. In some scenarios the attacker can also interact with applications by clicking the mouse, effectively gaining control of the locked session [ref_id=2]. The attacker needs physical access to the display cables or the monitor's power button.
Affected code
The vulnerability lies in mate-screensaver's handling of display power-state transitions. When external output devices (HDMI, VGA, DVI, DisplayPort) are disconnected, power-cycled, or enter/exit sleep modes, the screensaver fails to maintain the lock screen overlay on the reconnected displays [ref_id=1][ref_id=2]. The issue affects mate-screensaver versions before 1.20.2.
What the fix does
The fix was released in mate-screensaver version 1.20.2. The advisory does not include a patch diff, but the issue was resolved by ensuring that the screensaver lock overlay is properly re-established when displays are reconnected or woken from power-save states [ref_id=1]. Users should upgrade to mate-screensaver 1.20.2 or later to close the vulnerability.
Preconditions
- networkAttacker must have physical access to the locked machine's display cables or monitor power button
- inputThe session must be locked via mate-screensaver (either manually or by timeout)
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/mate-desktop/mate-screensaver/issues/152mitrex_refsource_MISC
- github.com/mate-desktop/mate-screensaver/issues/155mitrex_refsource_MISC
- github.com/mate-desktop/mate-screensaver/issues/170mitrex_refsource_MISC
- github.com/mate-desktop/mate-screensaver/pull/167mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.