// For flags

CVE-2018-14345

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.

Se ha descubierto un problema en SDDM hasta su versión 0.17.0. Si se configura con ReuseSession=true, la contraseña no se comprueba para los usuarios con una sesión ya existente. Cualquier usuario con acceso al D-Bus del sistema puede, por lo tanto, desbloquear cualquier sesión gráfica. Esto está relacionado con daemon/Display.cpp y helper/backend/PamBackend.cpp.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-07-17 CVE Reserved
  • 2018-07-17 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-613: Insufficient Session Expiration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sddm Project
Search vendor "Sddm Project"
 Sddm
Search vendor "Sddm Project" for product "Sddm"
 <= 0.17.0
Search vendor "Sddm Project" for product "Sddm" and version " <= 0.17.0"
-
Affected