ID 4593CB09-4C81-11D9-983E-000C6E8F12EF Type freebsd Reporter FreeBSD Modified 2005-01-13T00:00:00
Description
When browsing SMB shares with Konqueror, shares with
authentication show up with hidden password in the browser
bar. It is possible to store the URL as a shortcut on the
desktop where the password is then available in plain text.
{"modified": "2005-01-13T00:00:00", "cvelist": ["CVE-2004-1171"], "edition": 1, "type": "freebsd", "reporter": "FreeBSD", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=110178786809694", "http://www.kde.org/info/security/advisory-20041209-1.txt"], "hashmap": [{"hash": "7b1ecd057af5ed85c97bef18a1af11de", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "48cdf43b0cbc8d9c63f64b073d8d8396", "key": "cvelist"}, {"hash": "635d7f080910dc81e99c0ca9b0d4203f", "key": "cvss"}, {"hash": "6e80602011476ff0254700e5c66f153b", "key": "description"}, {"hash": "b1af0b7b541a3ec6401ae803d2bdaaaa", "key": "href"}, {"hash": "8e156ff7a31e71053099d14ebf49cb0a", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b1b883cc81b9e692ad8257b57f50dd7e", "key": "published"}, {"hash": "9fe02bb7e219977934807ac0da0e2c2a", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "60993c10d1f4b70b702dde6d4aeacfe4", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "href": "https://vuxml.freebsd.org/freebsd/4593cb09-4c81-11d9-983e-000c6e8f12ef.html", "description": "\nWhen browsing SMB shares with Konqueror, shares with\n\t authentication show up with hidden password in the browser\n\t bar.\tIt is possible to store the URL as a shortcut on the\n\t desktop where the password is then available in plain text.\n", "id": "4593CB09-4C81-11D9-983E-000C6E8F12EF", "lastseen": "2016-09-26T17:25:18", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "hash": "2647b167fd1414f5f0eee549043aa33ae74a7236865755188820d9e587bc94b5", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "unix", "history": [], "published": "2004-10-06T00:00:00", "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "UNKNOWN", "operator": "le", "OS": "FreeBSD", "packageName": "kdebase", "OSVersion": "any", "packageVersion": "3.3.1", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "eq", "OS": "FreeBSD", "packageName": "kdebase", "OSVersion": "any", "packageVersion": "3.2.0", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "eq", "OS": "FreeBSD", "packageName": "kdelibs", "OSVersion": "any", "packageVersion": "3.2.0", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "le", "OS": "FreeBSD", "packageName": "kdelibs", "OSVersion": "any", "packageVersion": "3.3.1", "arch": "noarch"}], "viewCount": 1, "title": "konqueror -- Password Disclosure for SMB Shares"}
{"result": {"cve": [{"id": "CVE-2004-1171", "type": "cve", "title": "CVE-2004-1171", "description": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.", "published": "2005-01-10T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1171", "cvelist": ["CVE-2004-1171"], "lastseen": "2017-07-11T11:14:31"}], "openvas": [{"id": "OPENVAS:52278", "type": "openvas", "title": "FreeBSD Ports: kdebase, kdelibs", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52278", "cvelist": ["CVE-2004-1171"], "lastseen": "2017-07-02T21:10:15"}, {"id": "OPENVAS:54775", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200412-16 (KDE)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200412-16.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54775", "cvelist": ["CVE-2004-1158", "CVE-2004-1171"], "lastseen": "2017-07-24T12:49:45"}], "osvdb": [{"id": "OSVDB:12248", "type": "osvdb", "title": "KDE Konqueror Shortcut SMB Share Password Disclosure", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.kde.org/\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:150)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20041209-1.txt)\nSecurity Tracker: 1012471\n[Secunia Advisory ID:13477](https://secuniaresearch.flexerasoftware.com/advisories/13477/)\n[Secunia Advisory ID:13486](https://secuniaresearch.flexerasoftware.com/advisories/13486/)\n[Secunia Advisory ID:13560](https://secuniaresearch.flexerasoftware.com/advisories/13560/)\nOther Advisory URL: http://www.securiteam.com/unixfocus/6P0050AC0A.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0099.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0050.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html\n[CVE-2004-1171](https://vulners.com/cve/CVE-2004-1171)\n", "published": "2004-11-29T19:47:35", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:12248", "cvelist": ["CVE-2004-1171"], "lastseen": "2017-04-28T13:20:07"}], "nessus": [{"id": "FREEBSD_PKG_4593CB094C8111D9983E000C6E8F12EF.NASL", "type": "nessus", "title": "FreeBSD : konqueror -- Password Disclosure for SMB Shares (4593cb09-4c81-11d9-983e-000c6e8f12ef)", "description": "When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text.", "published": "2005-07-13T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18921", "cvelist": ["CVE-2004-1171"], "lastseen": "2017-10-29T13:41:11"}, {"id": "GENTOO_GLSA-200412-16.NASL", "type": "nessus", "title": "GLSA-200412-16 : kdelibs, kdebase: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200412-16 (kdelibs, kdebase: Multiple vulnerabilities)\n\n Daniel Fabian discovered that the KDE core libraries contain a flaw allowing password disclosure by making a link to a remote file.\n When creating this link, the resulting URL contains authentication credentials used to access the remote file (CAN 2004-1171).\n The Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website (CAN-2004-1158).\n Impact :\n\n A malicious user could have access to the authentication credentials of other users depending on the file permissions.\n A malicious website could use the window injection vulnerability to load content in a window apparently belonging to another website.\n Workaround :\n\n There is no known workaround at this time.", "published": "2004-12-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=16003", "cvelist": ["CVE-2004-1158", "CVE-2004-1171"], "lastseen": "2017-10-29T13:33:00"}, {"id": "MANDRAKE_MDKSA-2004-150.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)", "description": "Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CVE-2004-1171).\n\nAnother vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CVE-2004-1158).\n\nThe updated packages contain a patch from the KDE team to solve this issue.\n\nAdditionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package.", "published": "2004-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15981", "cvelist": ["CVE-2004-1158", "CVE-2004-1171", "CVE-2004-0721"], "lastseen": "2017-10-29T13:42:54"}], "gentoo": [{"id": "GLSA-200412-16", "type": "gentoo", "title": "kdelibs, kdebase: Multiple vulnerabilities", "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. The KDE core libraries (kdebase and kdelibs) provide native support for many protocols. Konqueror is the KDE web browser and filemanager. \n\n### Description\n\nDaniel Fabian discovered that the KDE core libraries contain a flaw allowing password disclosure by making a link to a remote file. When creating this link, the resulting URL contains authentication credentials used to access the remote file (CAN 2004-1171). \n\nThe Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website (CAN-2004-1158). \n\n### Impact\n\nA malicious user could have access to the authentication credentials of other users depending on the file permissions. \n\nA malicious website could use the window injection vulnerability to load content in a window apparently belonging to another website. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdelibs users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdelibs-3.2.3-r4\"\n\nAll kdebase users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdebase-3.2.3-r3\"", "published": "2004-12-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200412-16", "cvelist": ["CVE-2004-1158", "CVE-2004-1171"], "lastseen": "2016-09-06T19:46:08"}]}}
