Vulnerability Details : CVE-2004-2655
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
Products affected by CVE-2004-2655
- cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*
- cpe:2.3:a:xscreensaver:xscreensaver:4.16:*:*:*:*:*:*:*
- cpe:2.3:a:xscreensaver:xscreensaver:4.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2655
- 1.20%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2655
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | AV:N/AC:H/Au:N/C:C/I:N/A:N | 4.9 | 6.9 | NIST | |
References for CVE-2004-2655
- http://www.jwz.org/xscreensaver/changelog.html (XScreenSaver: Download)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
- http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://securitytracker.com/id?1016150
- http://www.securityfocus.com/bid/17471 (Patch)
- http://www.redhat.com/support/errata/RHSA-2006-0498.html (Support)
- http://www.novell.com/linux/security/advisories/2006_23_sr.html (Security - Support | SUSE)
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149 (188149 – CVE-2004-2655 xscreensaver passes password to other applications)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:071 (Mandriva)
- http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm (ASA-2006-107 (RHSA-2006-0498))
- http://securitytracker.com/id?1016151
- https://usn.ubuntu.com/269-1/