Christopher Barrington-Leigh reports that fprintd-enroll does not prompt for authentication before adding new fingerprints to the database: https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1532264
The most important part of the description from that bug is:
This means that anyone coming across or stealing a machine with it installed and which is currently logged in and for which fingerprints are enabled for sudo authentication can elevate their access to superuser by simply running fprintd-enroll and scanning their own fingers. A subsequent sudo command will then give the new user access.
Thanks
Christopher Barrington-Leigh reports that fprintd-enroll does not prompt for authentication before adding new fingerprints to the database: https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1532264
The most important part of the description from that bug is:
This means that anyone coming across or stealing a machine with it installed and which is currently logged in and for which fingerprints are enabled for sudo authentication can elevate their access to superuser by simply running fprintd-enroll and scanning their own fingers. A subsequent sudo command will then give the new user access.
Thanks