CVE-2018-14345

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
17/07/2018
Last modified:
03/10/2019

Description

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:* 0.17.0 (including)