Vulnerability Details : CVE-2006-3742

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

Published 2006-09-06 20:04:00

Updated 2008-09-05 21:07:57

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-3742

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3742

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

Vendor statements for CVE-2006-3742

Red Hat 2007-03-14

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References for CVE-2006-3742

http://lwn.net/Alerts/197302/

Patch

Products affected by CVE-2006-3742

KDE » Kdebase » Version: 3.5.4 0.4.fc5
cpe:2.3:a:kde:kdebase:3.5.4_0.4.fc5:*:*:*:*:*:*:*
Matching versions