1.9
CVE-2013-4509
- EPSS 0.34%
- Veröffentlicht 23.11.2013 19:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibus Project ≫ Ibus Version <= 1.5.2
Ibus Project ≫ Ibus Version1.5.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html
https://bugzilla.redhat.com/show_bug.cgi?id=1027028
https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690
https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7
https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw