CVE-2004-2655

Description

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

How to fix CVE-2004-2655

To remediate CVE-2004-2655, upgrade the affected package to a fixed version below.

• Debian/xscreensaver—upgrade to 4.18-1 or later

Is CVE-2004-2655 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.18-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-2655