CVE-2003-0692
KDE KDM < 3.1.3 - Session Cookie Brute Force via Weak Entropy
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
References (9)
Core References
Vendor Advisory (vendor-advisory, x_refsource_conectiva): http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=106374551513499&w=2
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
Various Sources (x_refsource_misc): http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
Patch, Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2003-270.html
Patch, Vendor Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2003/dsa-388
Vendor Advisory (vendor-advisory, x_refsource_mandrake): http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
Patch, Vendor Advisory (x_refsource_confirm): http://www.kde.org/info/security/advisory-20030916-1.txt
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2003-288.html
Scores
EPSS: 0.0121
EPSS Percentile: 79.2%
Details
Status: published
Products (27)
kde/kde 1.1
kde/kde 1.1.1
kde/kde 1.1.2
kde/kde 1.2
kde/kde 2.0
kde/kde 2.0.1
kde/kde 2.0_beta
kde/kde 2.1
kde/kde 2.1.1
kde/kde 2.1.2
... and 17 more
Published: Oct 06, 2003
Tracked Since: Feb 18, 2026