CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1171
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kde / kde	3.3.2	3.3.2.x
redhat / fedora_core	core_2.0	core_2.0.x
kde / kde	3.3.1	3.3.1.x
kde / kde	3.2.2	3.2.2.x
kde / kde	3.2.1	3.2.1.x
mandrakesoft / mandrake_linux	10.1	10.1.x
kde / kde	3.3	3.3.x
mandrakesoft / mandrake_linux	10.0	10.0.x
kde / kde	3.2	3.2.x
kde / kde	3.2.3	3.2.3.x
redhat / fedora_core	core_3.0	core_3.0.x

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
http://marc.info/?l=bugtraq&m=110178786809694&w=2
http://marc.info/?l=bugtraq&m=110261063201488&w=2
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://secunia.com/advisories/13560
http://securitytracker.com/id?1012471
http://www.ciac.org/ciac/bulletins/p-051.shtml
http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
http://www.kb.cert.org/vuls/id/305294
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
http://www.osvdb.org/12248
http://www.sec-consult.com/index.php?id=118
http://www.securityfocus.com/bid/11866
https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

Vulnerability Database

289,599

CVE-2004-1171