Lucene search

[email protected]CVE-2006-3816

HistoryJul 25, 2006 - 1:22 p.m.

CVE-2006-3816

2006-07-2513:22:00

[email protected]

web.nvd.nist.gov

krusader

password storage

cleartext

remote connections

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.

Affected configurations

NVD

Node

krusaderkrusaderMatch1.50_beta1

krusaderkrusaderMatch1.60.0

krusaderkrusaderMatch1.70.0

krusaderkrusaderMatch1.70.0_beta1

CPENameOperatorVersion
krusader:krusaderkrusadereq1.50_beta1
krusader:krusaderkrusadereq1.60.0
krusader:krusaderkrusadereq1.70.0
krusader:krusaderkrusadereq1.70.0_beta1

CPE	Name	Operator	Version
krusader:krusader	krusader	eq	1.50_beta1
krusader:krusader	krusader	eq	1.60.0
krusader:krusader	krusader	eq	1.70.0
krusader:krusader	krusader	eq	1.70.0_beta1

References

groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14

krusader.sourceforge.net/phpBB/viewtopic.php?p=7965

www.securityfocus.com/bid/19194

www.vupen.com/english/advisories/2006/2992

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for CVE-2006-3816

debiancve1 ubuntucve1 cvelist1 nvd1