CVE-2014-7271Missing Authentication for Critical Function in Project Sddm

CWE-306Missing Authentication for Critical Function7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sddm Project SddmFedoraproject Fedora
Timeline
PublishedMar 8
Latest updateMay 14

Description

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsddm_project/sddm< 0.10.0
Debiansddm_project/sddm< 0.11.0-2+3

Also affects: Fedora 20, 21

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-p422-626h-2hv4: Simple Desktop Display Manager (SDDM) before 02022-05-14
CVEList
CVE-2014-7271: Simple Desktop Display Manager (SDDM) before 02018-03-08
OSV
CVE-2014-7271: Simple Desktop Display Manager (SDDM) before 02018-03-08

📋Vendor Advisories

1
Debian
CVE-2014-7271: sddm - Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in...2014

💬Community

2
Bugzilla
CVE-2014-7271 sddm: user "sddm" can login without authentication.2014-10-06
Bugzilla
CVE-2014-7271 sddm: user "sddm" can login without authentication. [fedora-all]2014-10-06
CVE-2014-7271 — Sddm Project Sddm vulnerability | cvebase