CVE-2004-2655 — Xscreensaver vulnerability

8 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

1.4%

top 19.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xscreensaver Debian Xscreensaver

Timeline

PublishedDec 31

Latest updateMay 3

Description

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

CVSS vector

AV:N/AC:H/C:C/I:N/A:NExploitability: 4.9 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xscreensaver< xscreensaver 4.18-1 (bookworm)

▶Debianxscreensaver/xscreensaver< 4.18-1+3

▶NVDxscreensaver/xscreensaver4.14, 4.16, 4.17+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-j8jf-5q4f-2r9c: rdesktop 1↗2022-05-03

▶

OSV

CVE-2004-2655: rdesktop 1↗2004-12-31

▶

📋Vendor Advisories

Ubuntu

xscreensaver vulnerability↗2006-04-11

▶

Red Hat

security flaw↗2004-05-12

▶

Debian

CVE-2004-2655: xscreensaver - rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running...↗2004

▶

💬Community

Bugzilla

CVE-2004-2655 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-2655 xscreensaver passes password to other applications↗2006-04-06

▶