What is CVE-2017-12164?

CVE-2017-12164 is a medium-severity vulnerability in Gnome Gdm, classified under CWE-592. CVSS score: 4.1/10. Published 2018-07-26.

How severe is CVE-2017-12164?

Medium severity. CVSS v3 base score is 4.1 out of 10.

Vulnerability in Gnome Gdm

CVE-2017-12164

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

EPSS: 0.001 (33.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Gnome Gdm — versions 3.24.1

Weakness classification (CWE)

CWE-592

References

gitlab.gnome.org/GNOME/gdm/commit/ff98b28 (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-12164?: CVE-2017-12164 is a medium-severity vulnerability in Gnome Gdm, classified under CWE-592. CVSS score: 4.1/10. Published 2018-07-26.
How severe is CVE-2017-12164?: Medium severity. CVSS v3 base score is 4.1 out of 10.