Comment 22 for bug 313812

Revision history for this message
Romualdo Caruso (aldo-caruso) wrote :

The following effect may be a consequence of the same bug.

Distribution: Ubuntu 10.04

1) Create user1 ( with administrative privileges )
2) Create user2 ( without administrative privileges )
3) Logged as user2 set up a private directory, logout & login, create some files in ~/Private, logout.
4) Logged as user1 change user2 password.
5) Logged as user2 (using the new password defined by user1) you can access the /home/user2/Private directory and its contents.

The effect persists until you reboot.

A privileged user can access private data from others (who recently have logged in and out ) by means of changing their password.