SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   XScreenSaver Vendors:   Zawinski, Jamie
XScreenSaver rdesktop May Display the Screensaver Password in Another Window
SecurityTracker Alert ID:  1016150
SecurityTracker URL:  http://securitytracker.com/id/1016150
CVE Reference:   CVE-2004-2655   (Links to External Site)
Date:  May 24 2006
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.14; possibly other versions
Description:   A vulnerability was reported in XScreenSaver when used with rdesktop. The password may be displayed in another window.

rdesktop may not properly release the keyboard focus when xscreensaver starts. As a result, the user's screensaver password may be entered into the active window when the target user unlocks the screen.

This may occur when xscreensaver is activated and an rdesktop session is active.

[Editor's note: The vulnerability was reported in August 2004.]
Impact:   The user's screensaver password may be entered into the active window.
Solution:   The vendor issued a fixed version (4.16) in May 2004.
Vendor URL:  www.jwz.org/xscreensaver/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 24 2006 (Red Hat Issues Fix) XScreenSaver rdesktop May Display the Screensaver Password in Another Window
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.


 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC