Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1086: Improper Control of Interaction Frequency in Project X11r6

4 documents, 4 sources

Severity: 7.5 HIGH (NVD)
EPSS: 5.4% (top 9.80%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jul 4
Latest update: Apr 30

Description

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: xfree86_project/x11r6 3.3, 3.3.3 (+1)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-45vg-36w4-jh4r: XDM in XFree86 3 (2022-04-30)
CVEList: CVE-2001-1086: XDM in XFree86 3 (2002-03-15)

💥 Exploits & PoCs (1)

Exploit-DB: XFree86 X11R6 3.3 XDM - Session Cookie Guessing (2001-06-24)