CVE Vulnerabilities

CVE-2013-4509

Published: Nov 23, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Affected Software

Name Vendor Start Version End Version
Ibus Ibus_project * 1.5.2 (including)
Ibus Ibus_project 1.5.4 (including) 1.5.4 (including)
Ibus Ubuntu lucid *
Ibus Ubuntu upstream *

References