FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

X11 Session -- SDDM allows unauthorised unlocking

Affected packages
sddm < 0.17.0_1

Details

VuXML ID f00acdec-b59f-11e8-805d-001e2a3f778d
Discovery 2018-08-13
Entry 2018-09-11

MITRE reports:

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session.

The default configuration of SDDM on FreeBSD is not affected, since it has ReuseSession=false.

References

CVE Name CVE-2018-14345
URL https://www.suse.com/security/cve/CVE-2018-14345/