CVE-2013-4509 : The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IB

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

Published 2013-11-23 19:55:04

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-4509

Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Ibus Project » Ibus
Versions up to, including, (<=) 1.5.2
cpe:2.3:a:ibus_project:ibus:*:*:*:*:*:*:*:*
Matching versions
Ibus Project » Ibus » Version: 1.5.4
cpe:2.3:a:ibus_project:ibus:1.5.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4509

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4509

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-4509

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4509

https://bugzilla.redhat.com/show_bug.cgi?id=1027028

1027028 – (CVE-2013-4509) CVE-2013-4509 ibus: visible password entry flaw
http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html

openSUSE-SU-2013:1686-1: ibus: avoid showing the password ont he GNOME l
http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html

openSUSE-SU-2013:1825-1: ibus-pinyin: fixed typed password visibility
https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw

Sign in - Google Accounts
https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690

GitHub - google/mozc: Mozc - a Japanese Input Method Editor designed for multi-platform
Patch
https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7

Added to check the input purpose for gnome-shell password dialog. · ibus/ibus-anthy@6aae0a9 · GitHub
Patch
http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html

openSUSE-SU-2014:0068-1: moderate: update for ibus-chewing

Jump to

Vulnerability Details : CVE-2013-4509

Products affected by CVE-2013-4509

Exploit prediction scoring system (EPSS) score for CVE-2013-4509

CVSS scores for CVE-2013-4509

CWE ids for CVE-2013-4509

References for CVE-2013-4509