LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected