{"id":"CVE-2018-14345","details":"An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.","modified":"2026-04-11T12:27:26.374173Z","published":"2018-07-17T14:29:00.517Z","related":["openSUSE-SU-2024:11376-1"],"references":[{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1101450"},{"type":"FIX","url":"https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sddm/sddm","events":[{"introduced":"0"},{"last_affected":"a15888b04dee1c3194b1b81b7660b6e0f5ebdb43"},{"fixed":"147cec383892d143b5e02daa70f1e7def50f5d98"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.17.0"}]}}],"versions":["v0.1.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.17.0","v0.8.99","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14345.json","vanir_signatures_modified":"2026-04-11T12:27:26Z","vanir_signatures":[{"signature_type":"Function","source":"https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98","target":{"function":"Display::startAuth","file":"src/daemon/Display.cpp"},"deprecated":false,"id":"CVE-2018-14345-0706d99e","signature_version":"v1","digest":{"length":2885,"function_hash":"319224329539215714289671669912780491363"}},{"signature_type":"Line","source":"https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98","target":{"file":"src/helper/backend/PamBackend.cpp"},"deprecated":false,"id":"CVE-2018-14345-4ae14c8b","signature_version":"v1","digest":{"line_hashes":["172962929122301095961190515189863495437","87024534473253346270643434239502843269","222410606718930878853499482506260103682","24502458836258739375168040153194422888","55942035781579219665812584806630447444"],"threshold":0.9}},{"signature_type":"Line","source":"https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98","target":{"file":"src/daemon/Display.cpp"},"deprecated":false,"id":"CVE-2018-14345-e1903dd6","signature_version":"v1","digest":{"line_hashes":["196859294944343073460622032897594135071","106981960040867809708245205632244916634","306465001103480198932012981717466945874","219292707561094369074006847099265323343"],"threshold":0.9}},{"signature_type":"Function","source":"https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98","target":{"function":"PamBackend::start","file":"src/helper/backend/PamBackend.cpp"},"deprecated":false,"id":"CVE-2018-14345-f063ae82","signature_version":"v1","digest":{"length":475,"function_hash":"100533615849233512736798439883991909764"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}