Vulnerability Name: | CVE-2004-2655 (CCN-25763)
Assigned: | 2004-05-12
Published: | 2004-05-12
Updated: | 2018-10-03
Summary: | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. This vulnerability is addressed in the following product release: XScreenSaver 4.18
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2 Severity: | 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Obtain Information
References: |
Source: SGI Type: UNKNOWN 20060602-01-U
Source: MITRE Type: CNA CVE-2004-2655
Source: CCN Type: RHSA-2006-0498 xscreensaver security update
Source: SECUNIA Type: UNKNOWN 20226
Source: CCN Type: SA20456 Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability
Source: SECUNIA Type: UNKNOWN 20456
Source: SECUNIA Type: UNKNOWN 20782
Source: SECUNIA Type: UNKNOWN 22080
Source: CCN Type: SECTRACK ID: 1016150 XScreenSaver rdesktop May Display the Screensaver Password in Another Window
Source: SECTRACK Type: UNKNOWN 1016150
Source: CCN Type: SECTRACK ID: 1016151 (Red Hat Issues Fix) XScreenSaver rdesktop May Display the Screensaver Password in Another Window
Source: SECTRACK Type: UNKNOWN 1016151
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
Source: CCN Type: ASA-2006-107 xscreensaver security update (RHSA-2006-0498)
Source: CCN Type: derkeiler.com exposed passwords in fedora 2
Source: MISC Type: UNKNOWN http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
Source: CONFIRM Type: UNKNOWN http://www.jwz.org/xscreensaver/changelog.html
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:071
Source: SUSE Type: UNKNOWN SUSE-SR:2006:023
Source: REDHAT Type: UNKNOWN RHSA-2006:0498
Source: BID Type: Patch 17471
Source: CCN Type: BID-17471 XScreenSaver Local Password Disclosure Vulnerability
Source: CCN Type: USN-269-1 xscreensaver vulnerability
Source: CCN Type: Red Hat Bugzilla Bug 188149 CVE-2004-2655 xscreensaver passes password to other applications
Source: MISC Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
Source: XF Type: UNKNOWN rdesktop-xscreensaver-password-disclosure(25763)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10096
Source: UBUNTU Type: UNKNOWN USN-269-1
Source: SUSE Type: SUSE-SR:2006:023 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Denotes that component is vulnerable