FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

konqueror -- Password Disclosure for SMB Shares

Affected packages
3.2.0 <= kdebase <= 3.3.1
3.2.0 <= kdelibs <= 3.3.1

Details

VuXML ID 4593cb09-4c81-11d9-983e-000c6e8f12ef
Discovery 2004-10-06
Entry 2004-12-12
Modified 2005-01-13

When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text.

References

CERT/CC Vulnerability Note 305294
CVE Name CVE-2004-1171
Message ICEEJPLEDKODPNFKJEGAIEBJGFAA.df@sec-consult.com
URL http://www.kde.org/info/security/advisory-20041209-1.txt