CVE-1999-1076 - Lodged Prices

Description

Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the \Log Out\ option and selecting a \Cancel\ option in the dialog box for an application that attempts to verify that the user wants to log out which returns the attacker into the locked session.

Reference

http://www.securityfocus.com/bid/745 http://marc.info/?l=bugtraq&m=94096348604173&w=2