|
|
CVE Reference: CVE-2004-1171 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-1171 |
|
|
Description: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/18267 ST 1012471 SAID Secunia Advisory: SA13477 Secunia Advisory: SA13560 Secunia Advisory: SA13486 OSVDB 12248 MISC http://www.sec-consult.com/index.php?id=118 MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html CONFIRM http://www.kde.org/info/security/advisory-20041209-1.txt CIAC http://www.ciac.org/ciac/bulletins/p-051.shtml CERT-VN 305294 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=110261063201488&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=110178786809694&w=2 BID 11866 |
|
| Return to the previous page. |
