CVE-2015-8308
HIGHlxdm < 0.5.1 - Unauthenticated Authentication Bypass via X Server Connection
Title source: llmDescription
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1284460
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/11/20/6
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
lxdm_project/lxdm
< 0.5.1
Published
Aug 24, 2017
Tracked Since
Feb 18, 2026