CVE-2003-0692
First published: Thu Sep 18 2003(Updated: )
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE KDE | =2.2.1 | |
| KDE KDE | =2.1.2 | |
| KDE KDE | =2.0 | |
| KDE KDE | =3.0.2 | |
| KDE KDE | =3.0.5 | |
| KDE KDE | =2.0_beta | |
| KDE KDE | =2.2 | |
| KDE KDE | =3.1.1a | |
| KDE KDE | =2.0.1 | |
| KDE KDE | =2.1 | |
| KDE KDE | =3.0.1 | |
| KDE KDE | =3.1 | |
| KDE KDE | =3.1.1 | |
| KDE KDE | =1.1.1 | |
| KDE KDE | =1.1.2 | |
| KDE KDE | =3.0.4 | |
| KDE KDE | =3.1.3 | |
| KDE KDE | =1.2 | |
| KDE KDE | =2.2.2 | |
| KDE KDE | =3.0 | |
| KDE KDE | =3.0.5a | |
| KDE KDE | =3.0.5b | |
| KDE KDE | =1.1 | |
| KDE KDE | =2.1.1 | |
| KDE KDE | =3.0.3 | |
| KDE KDE | =3.0.3a | |
| KDE KDE | =3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20030916-1.txt
- http://www.redhat.com/support/errata/RHSA-2003-270.html
- http://www.debian.org/security/2003/dsa-388
- http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://www.redhat.com/support/errata/RHSA-2003-288.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
- http://marc.info/?l=bugtraq&m=106374551513499&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
Frequently Asked Questions
What is the severity of CVE-2003-0692?
CVE-2003-0692 has a moderate severity level due to the potential for session hijacking.
How do I fix CVE-2003-0692?
To fix CVE-2003-0692, upgrade to KDE version 3.1.4 or later which addresses the weak session cookie generation.
Which versions of KDE are affected by CVE-2003-0692?
KDE versions 3.1.3 and earlier, along with versions from 2.0 to 3.1.1, are affected by CVE-2003-0692.
What are the implications of CVE-2003-0692?
CVE-2003-0692 allows attackers to potentially gain unauthorized access to user sessions by brute forcing weak session cookies.
Is there a workaround for CVE-2003-0692?
There are no effective workarounds for CVE-2003-0692, so updating to a secure version is the recommended approach.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/kde
- canonical/kde kde
- version/kde kde/2.2.1
- version/kde kde/2.1.2
- version/kde kde/2.0
- version/kde kde/3.0.2
- version/kde kde/3.0.5
- version/kde kde/2.0_beta
- version/kde kde/2.2
- version/kde kde/3.1.1a
- version/kde kde/2.0.1
- version/kde kde/2.1
- version/kde kde/3.0.1
- version/kde kde/3.1
- version/kde kde/3.1.1
- version/kde kde/1.1.1
- version/kde kde/1.1.2
- version/kde kde/3.0.4
- version/kde kde/3.1.3
- version/kde kde/1.2
- version/kde kde/2.2.2
- version/kde kde/3.0
- version/kde kde/3.0.5a
- version/kde kde/3.0.5b
- version/kde kde/1.1
- version/kde kde/2.1.1
- version/kde kde/3.0.3
- version/kde kde/3.0.3a
- version/kde kde/3.1.2