CVE-2013-4509
IBUS < 1.5.4 - Unauthenticated Password Exposure via Lockscreen Display
Title source: llmDescription
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
References (7)
Core 7
Core References
Patch x_refsource_confirm
https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html
Patch x_refsource_confirm
https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690
Mailing List x_refsource_misc
https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1027028
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html
Scores
EPSS
0.0034
EPSS Percentile
26.2%
Details
CWE
CWE-255
Status
published
Products (3)
ibus_project/ibus
1.5.4
ibus_project/ibus
< 1.5.2
opensuse/opensuse
13.1
Published
Nov 23, 2013
Tracked Since
Feb 18, 2026