FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1171

This CVE name corresponds to:

Entered Topic
2004-12-12 konqueror -- Password Disclosure for SMB Shares

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-1171
Phase Assigned(20041210)

Description

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

References

Source Reference
BUGTRAQ 20041129 Password Disclosure for SMB Shares in KDE's Konqueror
FULLDISC 20041129 Password Disclosure for SMB Shares in KDE's Konqueror
MISC http://www.sec-consult.com/index.php?id=118
BUGTRAQ 20041209 KDE Security Advisory: plain text password exposure
CONFIRM http://www.kde.org/info/security/advisory-20041209-1.txt
GENTOO GLSA-200412-16
MANDRAKE MDKSA-2004:150
CERT-VN VU#305294
CIAC P-051
BID 11866
OSVDB 12248
SECTRACK 1012471
SECUNIA 13560
SECUNIA 13477
SECUNIA 13486
XF kde-smb-password-plaintext(18267)