CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibus_project:ibus:*:*:*:*:*:*:*:*
cpe:2.3:a:ibus_project:ibus:1.5.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:55

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html - () http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html -
References () http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html - () http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html -
References () http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html - () http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1027028 - () https://bugzilla.redhat.com/show_bug.cgi?id=1027028 -
References () https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690 - Patch () https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690 - Patch
References () https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7 - Patch () https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7 - Patch
References () https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw - () https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw -

Information

Published : 2013-11-23 19:55

Updated : 2024-11-21 01:55


NVD link : CVE-2013-4509

Mitre link : CVE-2013-4509

CVE.ORG link : CVE-2013-4509


JSON object : View

Products Affected

opensuse

  • opensuse

ibus_project

  • ibus
CWE
CWE-255

Credentials Management Errors