CVE-2007-4569
kdm password-less login vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
El backend/session.c del KDE 3.3.0 hasta el 3.5.7, cuando la auto-autenticación está configurada y el "apagado con contraseña" está habilitado, permite a atacantes remotos evitar el requerimiento de contraseña y autenticarse en cuentas de su elección a través de vectores sin especificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-08-28 CVE Reserved
- 2007-09-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (27)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/26894 | Third Party Advisory | |
http://secunia.com/advisories/26904 | Third Party Advisory | |
http://secunia.com/advisories/26915 | Third Party Advisory | |
http://secunia.com/advisories/26929 | Third Party Advisory | |
http://secunia.com/advisories/26977 | Third Party Advisory | |
http://secunia.com/advisories/27089 | Third Party Advisory | |
http://secunia.com/advisories/27096 | Third Party Advisory | |
http://secunia.com/advisories/27106 | Third Party Advisory | |
http://secunia.com/advisories/27180 | Third Party Advisory | |
http://secunia.com/advisories/27271 | Third Party Advisory | |
http://securitytracker.com/id?1018724 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/3227 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711 | Vdb Entry | |
https://issues.rpath.com/browse/RPL-1725 | X_refsource_confirm | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.kde.org/info/security/advisory-20070919-1.txt | 2017-09-29 | |
http://www.securityfocus.com/bid/25730 | 2017-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3 Search vendor "Kde" for product "Kde" and version "3.3" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3.0 Search vendor "Kde" for product "Kde" and version "3.3.0" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3.1 Search vendor "Kde" for product "Kde" and version "3.3.1" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3.2 Search vendor "Kde" for product "Kde" and version "3.3.2" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4 Search vendor "Kde" for product "Kde" and version "3.4" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.0 Search vendor "Kde" for product "Kde" and version "3.4.0" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.1 Search vendor "Kde" for product "Kde" and version "3.4.1" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.2 Search vendor "Kde" for product "Kde" and version "3.4.2" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.3 Search vendor "Kde" for product "Kde" and version "3.4.3" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5 Search vendor "Kde" for product "Kde" and version "3.5" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.0 Search vendor "Kde" for product "Kde" and version "3.5.0" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.1 Search vendor "Kde" for product "Kde" and version "3.5.1" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.2 Search vendor "Kde" for product "Kde" and version "3.5.2" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.3 Search vendor "Kde" for product "Kde" and version "3.5.3" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.4 Search vendor "Kde" for product "Kde" and version "3.5.4" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.5 Search vendor "Kde" for product "Kde" and version "3.5.5" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.6 Search vendor "Kde" for product "Kde" and version "3.5.6" | - |
Affected
| ||||||
Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5.7 Search vendor "Kde" for product "Kde" and version "3.5.7" | - |
Affected
|