CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14345

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.0

References

Products affected by CVE-2018-14345

Sddm Project » Sddm » Version: N/A

cpe:2.3:a:sddm_project:sddm:-
Sddm Project » Sddm » Version: 0.1.0

cpe:2.3:a:sddm_project:sddm:0.1.0
Sddm Project » Sddm » Version: 0.10.0

cpe:2.3:a:sddm_project:sddm:0.10.0
Sddm Project » Sddm » Version: 0.11.0

cpe:2.3:a:sddm_project:sddm:0.11.0
Sddm Project » Sddm » Version: 0.12.0

cpe:2.3:a:sddm_project:sddm:0.12.0
Sddm Project » Sddm » Version: 0.13.0

cpe:2.3:a:sddm_project:sddm:0.13.0
Sddm Project » Sddm » Version: 0.14.0

cpe:2.3:a:sddm_project:sddm:0.14.0
Sddm Project » Sddm » Version: 0.15.0

cpe:2.3:a:sddm_project:sddm:0.15.0
Sddm Project » Sddm » Version: 0.16.0

cpe:2.3:a:sddm_project:sddm:0.16.0
Sddm Project » Sddm » Version: 0.17.0

cpe:2.3:a:sddm_project:sddm:0.17.0
Sddm Project » Sddm » Version: 0.8.99

cpe:2.3:a:sddm_project:sddm:0.8.99
Sddm Project » Sddm » Version: 0.9.0

cpe:2.3:a:sddm_project:sddm:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14345

Products

Pricing

Contact Us