Vulnerability in Xfree86_project X11r6
CVE-2001-1086
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
EPSS: 0.028 (84.8th percentile) — read the EPSS interpretation.
Affected products
- Xfree86_project X11r6 — versions 3.3, 3.3.3
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Vendor Advisory, mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (Vendor Advisory, mailing-list, Exploit, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, Patch, vdb-entry, x_refsource_BID, Vendor Advisory)