CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibus_project:ibus:*:*:*:*:*:*:*:*
cpe:2.3:a:ibus_project:ibus:1.5.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-11-23 19:55

Updated : 2024-02-04 18:16


NVD link : CVE-2013-4509

Mitre link : CVE-2013-4509

CVE.ORG link : CVE-2013-4509


JSON object : View

Products Affected

ibus_project

  • ibus

opensuse

  • opensuse
CWE
CWE-255

Credentials Management Errors