After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 704284 - when disable-user-list=true, cancelling login leaves gdm in unusable state
when disable-user-list=true, cancelling login leaves gdm in unusable state
Product: gdm
Classification: Core
Component: general
Other Linux
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Reported: 2013-07-15 18:31 UTC by Daniel Kahn Gillmor
Modified: 2018-05-24 10:53 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Daniel Kahn Gillmor 2013-07-15 18:31:25 UTC
This was originally reported in, and it appears to be true for gdm 3.4.1 (in debian wheezy)

When gdm's greeter has disable-user-list is set to true, if the user enters a username, they are presented with a password prompt, which has a "login" and a "cancel" button.

If they click the "cancel" button, then all user-interactive fields disappear, and there is no way to log into the display manager.

This cripples the ability for normal users to log into the machine, which is a pretty bad outcome.
Comment 1 Sébastien Villemot 2013-07-27 04:08:39 UTC
It should be mentioned that the problem occurs with the fallback greeter.
Comment 2 Daniel Kahn Gillmor 2014-01-07 23:03:53 UTC
This is now CVE-2013-7273
Comment 3 prunkdump 2014-07-07 09:48:48 UTC
I can confirm the bug.

I have proposed a patch here :

Comment 4 Laurent Bigonville 2014-09-11 15:03:17 UTC
The fallback greeter is gone, I guess this bug could be closed?

But debian stable is still running a version affected by this. Could it be possible to have a comment on the patches proposed in both:

Comment 5 GNOME Infrastructure Team 2018-05-24 10:53:57 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: