Lucene search

FreeBSDF00ACDEC-B59F-11E8-805D-001E2A3F778D

HistoryAug 13, 2018 - 12:00 a.m.

X11 Session -- SDDM allows unauthorised unlocking

2018-08-1300:00:00

vuxml.freebsd.org

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

MITRE reports:

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session.

The default configuration of SDDM on FreeBSD is not affected, since it has ReuseSession=false.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsddm< 0.17.0_1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	sddm	< 0.17.0_1	UNKNOWN

References

www.suse.com/security/cve/CVE-2018-14345/

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

Related for F00ACDEC-B59F-11E8-805D-001E2A3F778D