CVE-2004-1171

high

Description

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

http://www.securityfocus.com/bid/11866

http://www.sec-consult.com/index.php?id=118

http://www.osvdb.org/12248

http://www.mandriva.com/security/advisories?name=MDKSA-2004:150

http://www.kde.org/info/security/advisory-20041209-1.txt

http://www.kb.cert.org/vuls/id/305294

http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml

http://www.ciac.org/ciac/bulletins/p-051.shtml

http://securitytracker.com/id?1012471

http://secunia.com/advisories/13560

http://secunia.com/advisories/13486

http://secunia.com/advisories/13477

http://marc.info/?l=bugtraq&m=110261063201488&w=2

http://marc.info/?l=bugtraq&m=110178786809694&w=2

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html

Details

Source: Mitre, NVD

Published: 2005-01-10

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High