LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8308
Reference (s):
- https://bugzilla.redhat.com/show_bug.cgi?id=1284460
- MLIST:[oss-security] 20151120 Re: LXDM X authentication issues
- URL: http://www.openwall.com/lists/oss-security/2015/11/20/6