CVE-2017-2625 – libXdmcp: weak entropy usage for session keys

https://notcve.org/view.php?id=CVE-2017-2625

01 Mar 2017 — It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. Se ha descubierto que libXdmcp en versiones anteriores a la 1.1.2 usaba entropía débil para generar claves de sesión. En un sistema multiusuario que utilice xdmcp, un atacante local podría utilizar la información disponible... • https://packetstorm.news/files/id/141367 • CWE-320: Key Management Errors CWE-331: Insufficient Entropy •