PT-2018-12461 · Kde+2 · Sddm+2

Vogtinator · Published 2018-07-17 · Updated 2024-06-15 · CVE-2018-14345

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SDDM versions prior to 0.17.0

Description: An issue was discovered where the password is not checked for users with an already existing session if SDDM is configured with ReuseSession=true. This allows any user with access to the system D-Bus to unlock any graphical session. The issue is related to the files daemon/Display.cpp and helper/backend/PamBackend.cpp.

Recommendations: For SDDM versions prior to 0.17.0, consider setting ReuseSession=false as a temporary workaround to prevent unauthorized access to graphical sessions. Restrict access to the system D-Bus to minimize the risk of exploitation.
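
To verify the ReuseSession workaround on a host, the following added example (not part of the original advisory or of SDDM itself) scans SDDM configuration text for active ReuseSession lines and reports files that enable it. The sample configuration is constructed, the set of values treated as "enabled" is an assumption, and the files to check are passed as arguments.

```python
import sys

# Assumption: value spellings treated as "enabled" (deliberately broad for an audit).
TRUTHY = {"true", "1", "yes", "on"}

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
[General]
Numlock=none

[Users]
# restore an existing session instead of starting a new one
ReuseSession = True
"""

def find_reuse_session(text):
    """Return (section, line_no, raw_value, enabled) for every active ReuseSession line."""
    hits, section = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment; a commented-out key is not active
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "reusesession":
            value = value.strip()
            hits.append((section, line_no, value, value.lower() in TRUTHY))
    return hits

def audit(files):
    """files maps a name to config text; return the names that enable ReuseSession.

    Files without a ReuseSession line are not reported: the built-in default
    then applies, and this check does not evaluate it.
    """
    return [name for name, text in files.items()
            if any(enabled for *_, enabled in find_reuse_session(text))]

if __name__ == "__main__":
    files = {}
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            files[path] = fh.read()
    if not files:
        files = {"<constructed sample>": SAMPLE}
    for name in audit(files):
        print(f"{name}: ReuseSession is enabled; set ReuseSession=false "
              "or upgrade to SDDM 0.17.0 or later")
```
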

Weakness Enumeration

Insufficient Session Expiration

Improper Authentication

Related identifiers

ALT-PU-2019-1179
CVE-2018-14345
OPENSUSE-SU-2018_2310-1
OPENSUSE-SU-2024:11376-1

Affected products

Alt Linux
Sddm
Suse