New Search

KDM Weak Cookie Vulnerability

oval:org.mitre.oval:def:215

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Linux 9
Class:
vulnerability
Reference(s):
  • CVE-2003-0692
Product(s):
  • KDM