CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Published: Oct 6, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0692
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kde / kde	2.2.1	2.2.1.x
kde / kde	2.1.2	2.1.2.x
kde / kde	2.0	2.0.x
kde / kde	3.0.2	3.0.2.x
kde / kde	3.0.5	3.0.5.x
kde / kde	2.0_beta	2.0_beta.x
kde / kde	2.2	2.2.x
kde / kde	3.1.1a	3.1.1a.x
kde / kde	2.0.1	2.0.1.x
kde / kde	2.1	2.1.x
kde / kde	3.0.1	3.0.1.x
kde / kde	3.1	3.1.x
kde / kde	3.1.1	3.1.1.x
kde / kde	1.1.1	1.1.1.x
kde / kde	1.1.2	1.1.2.x
kde / kde	3.0.4	3.0.4.x
kde / kde	3.1.3	3.1.3.x
kde / kde	1.2	1.2.x
kde / kde	2.2.2	2.2.2.x
kde / kde	3.0	3.0.x
kde / kde	3.0.5a	3.0.5a.x
kde / kde	3.0.5b	3.0.5b.x
kde / kde	1.1	1.1.x
kde / kde	2.1.1	2.1.1.x
kde / kde	3.0.3	3.0.3.x
kde / kde	3.0.3a	3.0.3a.x
kde / kde	3.1.2	3.1.2.x

Vulnerability Database

289,599

CVE-2003-0692