CVE-2013-4509

Name of the Vulnerable Software and Affected Versions IBUS versions 1.5.2 through 1.5.4

Description The default configuration of IBUS, when used with GNOME 3 and IBus.InputPurpose.PASSWORD is not set, does not obscure the entered password characters. This allows physically proximate attackers to obtain a user password by reading the lockscreen.

Recommendations For IBUS versions 1.5.2 through 1.5.4, consider setting IBus.InputPurpose.PASSWORD to obscure the entered password characters. As a temporary workaround, users can manually configure their settings to hide password input on the lockscreen until a patch is available.