CVE-2004-1171

low

Description

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions. This could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html

http://marc.info/?l=bugtraq&m=110178786809694&w=2

http://marc.info/?l=bugtraq&m=110261063201488&w=2

http://secunia.com/advisories/13477

http://secunia.com/advisories/13486

http://secunia.com/advisories/13560

http://securitytracker.com/id?1012471

http://www.ciac.org/ciac/bulletins/p-051.shtml

http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml

http://www.kb.cert.org/vuls/id/305294

http://www.kde.org/info/security/advisory-20041209-1.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2004:150

http://www.osvdb.org/12248

http://www.sec-consult.com/index.php?id=118

http://www.securityfocus.com/bid/11866

https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

Details

Source: MITRE

Published: 2005-01-10

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

ID | Name | Product | Family | Severity
18921 | FreeBSD : konqueror -- Password Disclosure for SMB Shares (4593cb09-4c81-11d9-983e-000c6e8f12ef) | Nessus | FreeBSD Local Security Checks | low
16003 | GLSA-200412-16 : kdelibs, kdebase: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
15981 | Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150) | Nessus | Mandriva Local Security Checks | high