Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1086


Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1086
Last Modified 05 Sep 2008 04:25:39
Published 04 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

Vulnerable Systems


  • Xfree86 Project X11r6 3.3

  • Xfree86 Project X11r6 3.3.3


BID - 2985

XF - xdm-cookie-brute-force(6808)

BUGTRAQ - 20010704 xdm cookies fast brute force

BUGTRAQ - 20010705 Re: xdm cookies fast brute force

Last Updated: 27 May 2016 10:36:31