An issue was discovered in SDDM through 0.17.0. When SDDM is configured with ReuseSession=true, it does not check the password of a user who already has an existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp, both under src/ in the SDDM source tree.
[
{
"digest": {
"length": 2885.0,
"function_hash": "319224329539215714289671669912780491363"
},
"signature_version": "v1",
"target": {
"function": "Display::startAuth",
"file": "src/daemon/Display.cpp"
},
"deprecated": false,
"source": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
"signature_type": "Function",
"id": "CVE-2018-14345-0706d99e"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"172962929122301095961190515189863495437",
"87024534473253346270643434239502843269",
"222410606718930878853499482506260103682",
"24502458836258739375168040153194422888",
"55942035781579219665812584806630447444"
]
},
"signature_version": "v1",
"target": {
"file": "src/helper/backend/PamBackend.cpp"
},
"deprecated": false,
"source": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
"signature_type": "Line",
"id": "CVE-2018-14345-4ae14c8b"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"196859294944343073460622032897594135071",
"106981960040867809708245205632244916634",
"306465001103480198932012981717466945874",
"219292707561094369074006847099265323343"
]
},
"signature_version": "v1",
"target": {
"file": "src/daemon/Display.cpp"
},
"deprecated": false,
"source": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
"signature_type": "Line",
"id": "CVE-2018-14345-e1903dd6"
},
{
"digest": {
"length": 475.0,
"function_hash": "100533615849233512736798439883991909764"
},
"signature_version": "v1",
"target": {
"function": "PamBackend::start",
"file": "src/helper/backend/PamBackend.cpp"
},
"deprecated": false,
"source": "https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98",
"signature_type": "Function",
"id": "CVE-2018-14345-f063ae82"
}
]