CVE-2004-2655
First published: Fri Dec 31 2004(Updated: )
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jasdf Screensavers | =4.16 | |
| Jasdf Screensavers | =4.14 | |
| Jasdf Screensavers | =4.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
- http://www.jwz.org/xscreensaver/changelog.html
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
- http://www.securityfocus.com/bid/17471
- http://www.redhat.com/support/errata/RHSA-2006-0498.html
- http://securitytracker.com/id?1016150
- http://securitytracker.com/id?1016151
- http://secunia.com/advisories/20226
- http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
- http://secunia.com/advisories/20456
- http://secunia.com/advisories/20782
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://secunia.com/advisories/22080
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
- https://usn.ubuntu.com/269-1/
Frequently Asked Questions
What is the severity of CVE-2004-2655?
CVE-2004-2655 is classified as a medium severity vulnerability due to the potential exposure of sensitive information.
How does CVE-2004-2655 affect users?
CVE-2004-2655 affects users by allowing the password to be mistakenly entered into an unintended active window upon unlocking the screen.
Which software versions are affected by CVE-2004-2655?
CVE-2004-2655 affects rdesktop 1.3.1 when used with xscreensaver versions 4.14, 4.16, and 4.17.
How do I fix CVE-2004-2655?
To fix CVE-2004-2655, consider upgrading xscreensaver to a version that addresses this focus issue.
Is CVE-2004-2655 easily exploitable?
CVE-2004-2655 is not easily exploited but can lead to user data exposure under specific conditions when the screen is unlocked.
- agent/type
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/xscreensaver
- canonical/jasdf screensavers
- version/jasdf screensavers/4.16
- version/jasdf screensavers/4.14
- version/jasdf screensavers/4.17