ID CVE-2004-2655
Summary rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. This vulnerability is addressed in the following product release: XScreenSaver 4.18.
References
Vulnerable Configurations
  • cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:xscreensaver:xscreensaver:4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:xscreensaver:xscreensaver:4.17:*:*:*:*:*:*:*
CVSS
Base: 5.4 (as of 03-10-2018 - 21:29)
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity NONE
  • Availability NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:N/A:N
oval via4
accepted 2013-04-29T04:01:35.406-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
family unix
id oval:org.mitre.oval:def:10096
status accepted
submitted 2010-07-09T03:56:16-04:00
title rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
version 22
redhat via4
advisories
bugzilla
id 188149
title CVE-2004-2655 xscreensaver passes password to other applications
oval
AND
comment Red Hat Enterprise Linux 3 is installed
oval oval:com.redhat.rhba:tst:20070026001
rhsa
id RHSA-2006:0498
released 2006-05-23
severity Moderate
title RHSA-2006:0498: xscreensaver security update (Moderate)
refmap via4
bid 17471
confirm
mandriva MDKSA-2006:071
misc
sectrack
  • 1016150
  • 1016151
secunia
  • 20226
  • 20456
  • 20782
  • 22080
sgi 20060602-01-U
suse SUSE-SR:2006:023
ubuntu USN-269-1
Last major update 03-10-2018 - 21:29
Published 31-12-2004 - 05:00