Vulnerability Name: CVE-2004-1171 (CCN-18267)
Assigned: 2004-11-29
Published: 2004-11-29
Updated: 2017-07-11
Summary: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions. This could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
  Source: CCN Type: Full-Disclosure Mailing List, Mon Nov 29 2004 - 02:22:44 CST Password Disclosure for SMB Shares in KDE's Konqueror
  Source: FULLDISC Type: UNKNOWN 20041129 Password Disclosure for SMB Shares in KDE's Konqueror
  Source: MITRE Type: CNA CVE-2004-1171
  Source: BUGTRAQ Type: UNKNOWN 20041129 Password Disclosure for SMB Shares in KDE's Konqueror
  Source: BUGTRAQ Type: UNKNOWN 20041209 KDE Security Advisory: plain text password exposure
  Source: SECUNIA Type: UNKNOWN 13477
  Source: SECUNIA Type: UNKNOWN 13486
  Source: SECUNIA Type: UNKNOWN 13560
  Source: CCN Type: SECTRACK ID: 1012471 KDE May Disclose SMB Passwords to Remote Users Via URLs
  Source: SECTRACK Type: UNKNOWN 1012471
  Source: CCN Type: CIAC Information Bulletin P-051 SMB Password Disclosure
  Source: CIAC Type: UNKNOWN P-051
  Source: CCN Type: GLSA-200412-16 kdelibs, kdebase: Multiple vulnerabilities
  Source: GENTOO Type: UNKNOWN GLSA-200412-16
  Source: CCN Type: US-CERT VU#305294 Shortcuts may insecurely store SMB authentication information
  Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#305294
  Source: CCN Type: KDE Security Advisory 2004-12-09 plain text password exposure
  Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20041209-1.txt
  Source: MANDRAKE Type: UNKNOWN MDKSA-2004:150
  Source: OSVDB Type: UNKNOWN 12248
  Source: CCN Type: OSVDB ID: 12248 KDE Konqueror Shortcut SMB Share Password Disclosure
  Source: MISC Type: UNKNOWN http://www.sec-consult.com/index.php?id=118
  Source: BID Type: Patch, Vendor Advisory 11866
  Source: CCN Type: BID-11866 KDE Plaintext Password Disclosure Vulnerability
  Source: XF Type: UNKNOWN kde-smb-password-plaintext(18267)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable