CVE-2007-4569
Description
KDM in KDE 3.3.0-3.5.7 allows passwordless login via autologin and shutdown-password feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In KDE Display Manager (KDM) versions 3.3.0 through 3.5.7, the file backend/session.c contains a password-check bypass [3]. When autologin is configured for at least one user and the "shutdown with password" option is enabled, an attacker can bypass the password requirement and log in as any user without providing credentials [2][4].
Exploitation
A local attacker with access to the KDM login screen can exploit this vulnerability. The attacker simply selects a target user (including root) and attempts to log in; due to the bug, the password check is skipped, allowing immediate access [2][4]. No special privileges or prior authentication are required.
Impact
Successful exploitation allows the attacker to log in as any user, including root, without supplying the correct password. This results in a full compromise of system confidentiality, integrity, and availability at the root privilege level [3][4].
Mitigation
Patches have been released for KDE 3.3.0–3.5.7; users should update to patched versions provided by their operating system vendors [1][3]. For KDE 3.5.0–3.5.7, apply post-3.5.7-kdebase-kdm.diff; for 3.3.0–3.4.2, apply post-3.4.2-kdebase-kdm.diff [3]. No workaround is known [4].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5.7:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.kde.org/info/security/advisory-20070919-1.txt (Patch, Vendor Advisory)
- www.securityfocus.com/bid/25730 (Patch)
- lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
- secunia.com/advisories/26894
- secunia.com/advisories/26904
- secunia.com/advisories/26915
- secunia.com/advisories/26929
- secunia.com/advisories/26977
- secunia.com/advisories/27089
- secunia.com/advisories/27096
- secunia.com/advisories/27106
- secunia.com/advisories/27180
- secunia.com/advisories/27271
- security.gentoo.org/glsa/glsa-200710-15.xml
- securitytracker.com/id
- www.debian.org/security/2007/dsa-1376
- www.mandriva.com/security/advisories
- www.redhat.com/support/errata/RHSA-2007-0905.html
- www.ubuntu.com/usn/usn-517-1
- www.vupen.com/english/advisories/2007/3227
- exchange.xforce.ibmcloud.com/vulnerabilities/36711
- issues.rpath.com/browse/RPL-1725
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
- www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
- www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
News mentions
No linked articles in our index yet.