CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
50.8%
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ibus-anthy | < 1.5.4-1 | ibus-anthy_1.5.4-1_all.deb |
Debian | 11 | all | ibus-anthy | < 1.5.4-1 | ibus-anthy_1.5.4-1_all.deb |
Debian | 999 | all | ibus-anthy | < 1.5.4-1 | ibus-anthy_1.5.4-1_all.deb |
Debian | 13 | all | ibus-anthy | < 1.5.4-1 | ibus-anthy_1.5.4-1_all.deb |
Debian | 12 | all | ibus-chewing | < 1.4.3-4 | ibus-chewing_1.4.3-4_all.deb |
Debian | 11 | all | ibus-chewing | < 1.4.3-4 | ibus-chewing_1.4.3-4_all.deb |
Debian | 999 | all | ibus-chewing | < 1.4.3-4 | ibus-chewing_1.4.3-4_all.deb |
Debian | 13 | all | ibus-chewing | < 1.4.3-4 | ibus-chewing_1.4.3-4_all.deb |
Debian | 12 | all | ibus-pinyin | < 1.5.0-1 | ibus-pinyin_1.5.0-1_all.deb |
Debian | 11 | all | ibus-pinyin | < 1.5.0-1 | ibus-pinyin_1.5.0-1_all.deb |