CVE-2006-3742 - The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows

CVE-2006-3742

Summary

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

References

http://lwn.net/Alerts/197302/

Vulnerable Configurations

cpe:2.3:a:kde:kdebase:3.5.4_0.4.fc5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdebase:3.5.4_0.4.fc5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 05-09-2008 - 21:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

fedora

FEDORA-2006-942

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

05-09-2008 - 21:07

Published

06-09-2006 - 20:04

Last modified

05-09-2008 - 21:07