The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
References
Configurations
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1027028 - | |
References | () https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690 - Patch | |
References | () https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7 - Patch | |
References | () https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw - |
Information
Published : 2013-11-23 19:55
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4509
Mitre link : CVE-2013-4509
CVE.ORG link : CVE-2013-4509
JSON object : View
Products Affected
opensuse
- opensuse
ibus_project
- ibus
CWE
CWE-255
Credentials Management Errors