Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2018-14345

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.

  • Published: Jul 17, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-14345
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
sddm_project / sddm - 0.17.0.x