Weak Permissions in kinit in KDE Frameworks before 5.23.0 Allows Unauthorized Access to X11 Cookies

CVE-2016-3100 · LOW Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
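A defender-side check for the condition described above, added here as an example and not taken from the advisory or from KDE's code: it lists X authority copies in a directory that group or other users can read, and can strip that access. The glob `xauth-*` (based on the `/tmp/xauth-xxx-_y` name in the description) and both function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a directory for X authority copies (named like
# /tmp/xauth-xxx-_y in the advisory) that other local users can read.
# The glob 'xauth-*' and the function names are assumptions for illustration.

# Print every regular file named xauth-* directly under $1 whose mode grants
# read to group or other (for example 644). Returns 1 if any were found.
audit_xauth_perms() {
    dir=${1:-/tmp}
    found=$(find "$dir" -maxdepth 1 -type f -name 'xauth-*' \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Remove all group/other access from flagged files owned by the caller,
# leaving them at owner-only permissions.
tighten_xauth_perms() {
    dir=${1:-/tmp}
    find "$dir" -maxdepth 1 -type f -name 'xauth-*' -user "$(id -u)" \
        \( -perm -040 -o -perm -004 \) -exec chmod go-rwx {} +
}
```

Source the file and run `audit_xauth_perms /tmp`; a non-zero status means at least one cookie file is exposed. Tightening permissions only limits further exposure: a cookie that was already readable should be treated as disclosed, and the lasting fix is the upgrade to KDE Frameworks 5.23.0 or later.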
