CVE-2017-2625

Summary

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Affected Software

VendorProductVersion RangeStatus
XorglibXdmcp1.1.2affected

Weaknesses

  • CWE-331: CWE-331

ADP Enrichment

CVE Program Container

Additional References

References