CVE-2004-1171

4 documents4 sources

Severity

2.1LOW

EPSS

0.1%

top 68.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE KDE Mandrakesoft Mandrake Linux Redhat Fedora Core

Timeline

PublishedJan 10

Latest updateApr 29

Description

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDkde/kde7 versions+6

▶NVDredhat/fedora_corecore_2.0, core_3.0+1

▶NVDmandrakesoft/mandrake_linux10.0, 10.1+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-h4qf-3cg3-x9jf: KDE 3↗2022-04-29

▶

CVEList

CVE-2004-1171: KDE 3↗2004-12-10

▶