CVE-2003-0692

Published: Sep 18, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

CLA-2003:747

vendor-advisory

x_refsource_CONECTIVA

20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:215

vdb-entry

signature

x_refsource_OVAL

http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

x_refsource_MISC

RHSA-2003:270

vendor-advisory

x_refsource_REDHAT

DSA-388

vendor-advisory

x_refsource_DEBIAN

MDKSA-2003:091

vendor-advisory

x_refsource_MANDRAKE

http://www.kde.org/info/security/advisory-20030916-1.txt

x_refsource_CONFIRM

RHSA-2003:288

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2003-0692

Description

Affected Products

References