KDM in KDE 3.1.3 and previous versions uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows malicious users to guess session cookies via brute force methods and gain access to the user session.
Vulnerable Product |
---|
kde kde 2.0.1 |
kde kde 2.0_beta |
kde kde 2.1 |
kde kde 3.0.1 |
kde kde 3.0.2 |
kde kde 3.1 |
kde kde 3.1.1 |
kde kde 1.1.1 |
kde kde 1.1.2 |
kde kde 2.2 |
kde kde 2.2.1 |
kde kde 3.0.4 |
kde kde 3.0.5 |
kde kde 3.1.3 |
kde kde 1.2 |
kde kde 2.0 |
kde kde 2.2.2 |
kde kde 3.0 |
kde kde 3.0.5a |
kde kde 3.0.5b |
kde kde 1.1 |
kde kde 2.1.1 |
kde kde 2.1.2 |
kde kde 3.0.3 |
kde kde 3.0.3a |
kde kde 3.1.1a |
kde kde 3.1.2 |