Upstream information
Description
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SuSE-SA:2003:044, published Friday, Oct 31st 2003 13:04 MEST
- SuSE-SA:2003:045, published Mon Nov 10 15:00:00 CET 2003
- SuSE-SA:2003:046, published Tuesday, Nov 18th 2003 14:30 MEST
- SuSE-SA:2003:047, published Friday, Nov 28th 2003 15:30 MEST
- SuSE-SA:2003:049, published Thursday, December 4th 2003 15:30 MET
- SuSE-SA:2003:050, published Thursday, Dec 4th 2003 14:30 MET
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:26:24 2013
CVE page last modified: Wed Mar 26 11:14:01 2025