CVE-2013-4509 — LOW (1.9) — White Hats Nepal

Q: How severe is CVE-2013-4509?

CVE-2013-4509 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4509?

Check the references section above for vendor advisories and patch information. Affected products include: Ibus Project Ibus, Opensuse Opensuse.

Vulnerability Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibus Project	Ibus	<= 1.5.2
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2013-4509?

CVE-2013-4509 is a vulnerability with a CVSS score of 1.9 (LOW). The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allow...

How severe is CVE-2013-4509?

CVE-2013-4509 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4509?

Check the references section above for vendor advisories and patch information. Affected products include: Ibus Project Ibus, Opensuse Opensuse.