{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13486", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/12248"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13477"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1171", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13486", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "refsource": "OSVDB", "url": "http://www.osvdb.org/12248"}, {"name": "http://www.sec-consult.com/index.php?id=118", "refsource": "MISC", "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13477"}, {"name": "http://www.kde.org/info/security/advisory-20041209-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:39:00.912Z"}, "title": "CVE Program Container", "references": [{"name": "13486", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred"], "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/12248"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13477"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1171", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-10T00:00:00", "dateUpdated": "2024-08-08T00:39:00.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE0AED-7918-41E9-A902-AC4070E03132", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81E19472-47B4-4398-A188-CA5A5D3E7060", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B436D-8D6A-473E-B707-26147208808B", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E26B353-4985-4116-B97A-5767CDC732F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F7180B3-03AC-427C-8CAD-FE06F81C4FF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}], "id": "CVE-2004-1171", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13477"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13486"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13560"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012471"}, {"source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"source": "cve@mitre.org", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/12248"}, {"source": "cve@mitre.org", "url": "http://www.sec-consult.com/index.php?id=118"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11866"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1012471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/12248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sec-consult.com/index.php?id=118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}