Vulnerability Description
slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suckless | Slock | 0.9 |
Related Weaknesses (CWE)
References
- http://hg.suckless.org/slock/rev/891a4984aba6 (Exploit, Patch)
- http://secunia.com/advisories/48700 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/04/06/1 (Exploit)
- http://www.openwall.com/lists/oss-security/2012/04/06/2
- http://www.osvdb.org/81035
- http://www.securityfocus.com/bid/52922
- https://bugs.gentoo.org/show_bug.cgi?id=401645 (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=786310
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74666
FAQ
What is CVE-2012-1620?
CVE-2012-1620 is a vulnerability with a CVSS score of 3.6 (LOW). slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveal...
How severe is CVE-2012-1620?
CVE-2012-1620 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1620?
Check the references section above for vendor advisories and patch information. Affected products include: Suckless Slock.