CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
50.8%
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Vendor | Product | Version | CPE |
---|---|---|---|
ibus_project | ibus | * | cpe:2.3:a:ibus_project:ibus:*:*:*:*:*:*:*:* |
ibus_project | ibus | 1.5.4 | cpe:2.3:a:ibus_project:ibus:1.5.4:*:*:*:*:*:*:* |
opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2013-11/msg00036.html
lists.opensuse.org/opensuse-updates/2013-12/msg00024.html
lists.opensuse.org/opensuse-updates/2014-01/msg00045.html
bugzilla.redhat.com/show_bug.cgi?id=1027028
code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690
github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7
groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw