CVE-2004-2655
Summary
| CVE | CVE-2004-2655 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-12-31 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. |
Risk And Classification
Primary CVSS: v2.0 5.4 from [email protected]
AV:N/AC:H/Au:N/C:C/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | None |
| Availability | None |

AV:N/AC:H/Au:N/C:C/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xscreensaver | Xscreensaver | 4.14 | All | All | All |
| Application | Xscreensaver | Xscreensaver | 4.16 | All | All | All |
| Application | Xscreensaver | Xscreensaver | 4.17 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Secunia - Advisories - Red Hat update for xscreensaver | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Security Announcement | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | |
| 188149 – CVE-2004-2655 xscreensaver passes password to other applications | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| (Red Hat Issues Fix) XScreenSaver rdesktop May Display the Screensaver Password in Another Window - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| XScreenSaver Local Password Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch |
| Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| comp.os.linux.security: exposed passwords in Fedora 2 !!!!! | af854a3a-2127-422b-91ae-364da2661108 | www.derkeiler.com | |
| XScreenSaver | af854a3a-2127-422b-91ae-364da2661108 | www.jwz.org | |
| SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| SUSE Update for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| patches.sgi.com/support/free/security/advisories/20060602-01-U.asc | af854a3a-2127-422b-91ae-364da2661108 | patches.sgi.com | |
| ASA-2006-107 (RHSA-2006-0498) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | |
| USN-269-1: xscreensaver vulnerability \| Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| XScreenSaver rdesktop May Display the Screensaver Password in Another Window - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Advisories - Mandriva Linux OS | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.