FreeBSD : X11 Session -- SDDM allows unauthorised unlocking (f00acdec-b59f-11e8-805d-001e2a3f778d)
Medium Nessus Plugin ID 117443
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMITRE reports :
An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session.
The default configuration of SDDM on FreeBSD is not affected, since it has ReuseSession=false.
SolutionUpdate the affected package.