It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users sessions.
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libxdmcp | X.org | * | 1.1.2 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | libdrm-0:2.4.74-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libepoxy-0:1.3.1-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libevdev-0:1.5.6-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libfontenc-0:1.1.3-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libICE-0:1.0.9-9.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libinput-0:1.6.3-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libvdpau-0:1.1.1-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libwacom-0:0.24-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libX11-0:1.6.5-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXaw-0:1.0.13-4.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxcb-0:1.12-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXcursor-0:1.1.14-8.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXdmcp-0:1.1.2-6.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXfixes-0:5.0.3-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXfont-0:1.5.2-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXfont2-0:2.0.1-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXi-0:1.7.9-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxkbcommon-0:0.7.1-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxkbfile-0:1.0.9-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXpm-0:3.5.12-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXrandr-0:1.5.1-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXrender-0:0.9.10-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXt-0:1.1.5-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXtst-0:1.2.3-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXv-0:1.0.11-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXvMC-0:1.0.10-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libXxf86vm-0:1.1.4-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | mesa-0:17.0.1-6.20170307.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | mesa-private-llvm-0:3.9.1-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | vulkan-0:1.0.39.1-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xcb-proto-0:1.12-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xkeyboard-config-0:2.20-1.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-proto-devel-0:7.7-20.el7 | * |
| Libxdmcp | Ubuntu | artful | * |
| Libxdmcp | Ubuntu | bionic | * |
| Libxdmcp | Ubuntu | cosmic | * |
| Libxdmcp | Ubuntu | devel | * |
| Libxdmcp | Ubuntu | disco | * |
| Libxdmcp | Ubuntu | eoan | * |
| Libxdmcp | Ubuntu | esm-infra/xenial | * |
| Libxdmcp | Ubuntu | focal | * |
| Libxdmcp | Ubuntu | groovy | * |
| Libxdmcp | Ubuntu | hirsute | * |
| Libxdmcp | Ubuntu | impish | * |
| Libxdmcp | Ubuntu | jammy | * |
| Libxdmcp | Ubuntu | kinetic | * |
| Libxdmcp | Ubuntu | precise | * |
| Libxdmcp | Ubuntu | precise/esm | * |
| Libxdmcp | Ubuntu | trusty | * |
| Libxdmcp | Ubuntu | trusty/esm | * |
| Libxdmcp | Ubuntu | upstream | * |
| Libxdmcp | Ubuntu | vivid/stable-phone-overlay | * |
| Libxdmcp | Ubuntu | xenial | * |
| Libxdmcp | Ubuntu | yakkety | * |
| Libxdmcp | Ubuntu | zesty | * |