QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4509

Published: Nov 23, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7

x_refsource_CONFIRM

openSUSE-SU-2013:1686

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2014:0068

vendor-advisory

x_refsource_SUSE

https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1027028

x_refsource_CONFIRM

openSUSE-SU-2013:1825

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.