{"api_version":"1","generated_at":"2026-04-23T07:54:27+00:00","cve":"CVE-2013-4509","urls":{"html":"https://cve.report/CVE-2013-4509","api":"https://cve.report/api/cve/CVE-2013-4509.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4509","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4509"},"summary":{"title":"CVE-2013-4509","description":"The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-11-23 19:55:00","updated_at":"2023-02-13 04:47:00"},"problem_types":["CWE-255"],"metrics":[],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html","name":"openSUSE-SU-2013:1825","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:1825-1: ibus-pinyin: fixed typed password visibility","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html","name":"openSUSE-SU-2014:0068","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2014:0068-1: moderate: update for ibus-chewing","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690","name":"https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690","refsource":"CONFIRM","tags":["Patch"],"title":"ibus-mozc_support_ibus-1.5.4_rev2.diff (9.8 KB) - \n mozc -\n \n \n Mozc - Japanese Input Method for Chromium OS, Android, Windows, Mac and Linux - Google Project Hosting","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html","name":"openSUSE-SU-2013:1686","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:1686-1: ibus: avoid showing the password ont he GNOME l","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw","name":"https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw","refsource":"MISC","tags":[],"title":"Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7","name":"https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7","refsource":"CONFIRM","tags":["Patch"],"title":"Added to check the input purpose for gnome-shell password dialog. · ibus/ibus-anthy@6aae0a9 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1027028","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1027028","refsource":"CONFIRM","tags":[],"title":"1027028 – (CVE-2013-4509) CVE-2013-4509 ibus: visible password entry flaw","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw","name":"https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw","refsource":"MISC","tags":[],"title":"Redirecting to Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4509","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4509","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4509","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibus_project","cpe5":"ibus","cpe6":"1.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4509","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibus_project","cpe5":"ibus","cpe6":"1.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4509","vulnerable":"1","versionEndIncluding":"1.5.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibus_project","cpe5":"ibus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4509","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4509","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2013-4509","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html"},{"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html"},{"url":"https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690","refsource":"MISC","name":"https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690"},{"url":"https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7","refsource":"MISC","name":"https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7"},{"url":"https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw","refsource":"MISC","name":"https://groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1027028","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1027028"}]}},"nvd":{"publishedDate":"2013-11-23 19:55:00","lastModifiedDate":"2023-02-13 04:47:00","problem_types":["CWE-255"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibus_project:ibus:1.5.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibus_project:ibus:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4509","Ordinal":"64168","Title":"CVE-2013-4509","CVE":"CVE-2013-4509","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4509","Ordinal":"1","NoteData":"The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"4509","Ordinal":"2","NoteData":"2013-11-23","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4509","Ordinal":"3","NoteData":"2014-01-16","Type":"Other","Title":"Modified"}]}}}