The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-11-23T19:00:00

Updated: 2024-08-06T16:45:14.836Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4509

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-11-23T19:55:03.613

Modified: 2023-02-13T04:47:03.750

Link: CVE-2013-4509

cve-icon Redhat

Severity : Low

Publid Date: 2013-10-25T00:00:00Z

Links: CVE-2013-4509 - Bugzilla