XScreenSaver rdesktop May Display the Screensaver Password in Another Window
|
SecurityTracker Alert ID: 1016150 |
SecurityTracker URL: http://securitytracker.com/id/1016150
|
CVE Reference:
CVE-2004-2655
(Links to External Site)
|
Date: May 24 2006
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.14; possibly other versions
|
Description:
A vulnerability was reported in XScreenSaver when used with rdesktop. The password may be displayed in another window.
rdesktop may not properly release the keyboard focus when xscreensaver starts. As a result, the user's screensaver password may be entered into the active window when the target user unlocks the screen.
This may occur when xscreensaver is activated and an rdesktop session is active.
[Editor's note: The vulnerability was reported in August 2004.]
|
Impact:
The user's screensaver password may be entered into the active window.
|
Solution:
The vendor issued a fixed version (4.16) in May 2004.
|
Vendor URL: www.jwz.org/xscreensaver/ (Links to External Site)
|
Cause:
State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|