CVE-2013-4509 — Project Ibus vulnerability

CWE-2559 documents7 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 76.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ibus Project Ibus Opensuse

Timeline

PublishedNov 23

Latest updateMay 14

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶NVDibus_project/ibus1.5.2+1

▶NVDopensuse/opensuse13.1

Patches

Patch: code.google.com ↗Patch: github.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-hfpc-f259-2f2x: The default configuration of IBUS 1↗2022-05-14

▶

OSV

CVE-2013-4509: The default configuration of IBUS 1↗2013-11-23

▶

CVEList

CVE-2013-4509: The default configuration of IBUS 1↗2013-11-23

▶

📋Vendor Advisories

Red Hat

ibus: visible password entry flaw↗2013-10-25

▶

Debian

CVE-2013-4509: ibus-anthy - The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IB...↗2013

▶

💬Community

Bugzilla

CVE-2013-4509 ibus-pinyin: ibus: visible password entry flaw [fedora-all]↗2013-11-05

▶

Bugzilla

CVE-2013-4509 ibus-chewing: ibus: visible password entry flaw [fedora-all]↗2013-11-05

▶

Bugzilla

CVE-2013-4509 ibus: visible password entry flaw↗2013-11-05

▶