CVE-2004-2655 | Vulnerability Database | Aqua Security

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

Affected Software

Name	Vendor	Start Version	End Version
Xscreensaver	Xscreensaver	4.14 (including)	4.14 (including)
Xscreensaver	Xscreensaver	4.16 (including)	4.16 (including)
Xscreensaver	Xscreensaver	4.17 (including)	4.17 (including)
Red Hat Enterprise Linux 3	RedHat	xscreensaver-1:4.10-20	*

References

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://secunia.com/advisories/20226
http://secunia.com/advisories/20456
http://secunia.com/advisories/20782
http://secunia.com/advisories/22080
http://securitytracker.com/id?1016150
http://securitytracker.com/id?1016151
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
http://www.jwz.org/xscreensaver/changelog.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0498.html
http://www.securityfocus.com/bid/17471
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
https://usn.ubuntu.com/269-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2655
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html