CVE-2013-4509 Information
Description
The default configuration of IBUS 1.5.4 and possibly 1.5.2 and earlier when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3 does not obscure the entered password characters which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Reference
http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html https://bugzilla.redhat.com/show_bug.cgi?id=1027028 https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE3A1383693105690 https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7 https://groups.google.com/forum/!topic/ibus-user/mvCHDO1BJUw
Share on: