CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Published: Nov 23, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4509
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
ibus_project / ibus	1.5.4	1.5.4.x
ibus_project / ibus	-	1.5.2.x
opensuse / opensuse	13.1	13.1.x

http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html
https://bugzilla.redhat.com/show_bug.cgi?id=1027028
https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690
https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7
https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw

Vulnerability Database

289,697

CVE-2013-4509