CVE-2004-2655

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2655
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.4
AV:N/AC:H/Au:N/C:C/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xscreensaver / xscreensaver	4.16	4.16.x
xscreensaver / xscreensaver	4.14	4.14.x
xscreensaver / xscreensaver	4.17	4.17.x

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://secunia.com/advisories/20226
http://secunia.com/advisories/20456
http://secunia.com/advisories/20782
http://secunia.com/advisories/22080
http://securitytracker.com/id?1016150
http://securitytracker.com/id?1016151
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
http://www.jwz.org/xscreensaver/changelog.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0498.html
http://www.securityfocus.com/bid/17471
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
https://usn.ubuntu.com/269-1/

Vulnerability Database

CVE-2004-2655