It exists that libXdmcp prior to 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x.org libxdmcp |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server eus 7.5 |