XScreenSaver rdesktop May Display the Screensaver Password in Another Window
|
|
SecurityTracker Alert ID: 1016150
|
|
SecurityTracker URL: http://securitytracker.com/id?1016150
|
|
CVE Reference: CVE-2004-2655
(Links to External Site)
|
Date: May 24 2006
|
Impact: Disclosure of authentication information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 4.14; possibly other versions
|
Description: A vulnerability was reported in XScreenSaver when used with rdesktop. The password may be displayed in another window.
rdesktop may not properly release the keyboard focus when xscreensaver starts. As a result, the user's screensaver password may
be entered into the active window when the target user unlocks the screen.
This may occur when xscreensaver is activated and
an rdesktop session is active.
[Editor's note: The vulnerability was reported in August 2004.]
|
Impact: The user's screensaver password may be entered into the active window.
|
Solution: The vendor issued a fixed version (4.16) in May 2004.
|
Vendor URL: www.jwz.org/xscreensaver/ (Links to External Site)
|
Cause: State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 24 May 2006 00:48:03 -0400
Subject: XScreenSaver
|
CVE-2004-2655
CVE says:
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on
Fedora and possibly other platforms, does not release the keyboard focus when
xscreensaver starts, which causes the password to be entered into the active window
when the user unlocks the screen.
|
|
