Description
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72284
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62051
Various Sources x_refsource_confirm
https://www.kde.org/info/security/advisory-20150122-2.txt
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/22/6
Scores
EPSS
0.0042
EPSS Percentile
62.4%
Details
CWE
CWE-200
Status
published
Products (2)
kde/kde-workspace
< 4.2.0
kde/plasma-workspace
< 5.1
Published
Jan 26, 2015
Tracked Since
Feb 18, 2026