CVE-2013-4509

IBUS < 1.5.4 - Unauthenticated Password Exposure via Lockscreen Display

Title source: llm
STIX 2.1

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Scores

EPSS 0.0034
EPSS Percentile 26.2%

Details

CWE
CWE-255
Status published
Products (3)
ibus_project/ibus 1.5.4
ibus_project/ibus < 1.5.2
opensuse/opensuse 13.1
Published Nov 23, 2013
Tracked Since Feb 18, 2026