CVE-2004-1171 - Vulnerability Details

Vendors	Products
Kde	Kde
Mandrakesoft	Mandrake Linux
Redhat	Fedora Core

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
http://marc.info/?l=bugtraq&m=110178786809694&w=2
http://marc.info/?l=bugtraq&m=110261063201488&w=2
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://secunia.com/advisories/13560
http://securitytracker.com/id?1012471
http://www.ciac.org/ciac/bulletins/p-051.shtml
http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
http://www.kb.cert.org/vuls/id/305294
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
http://www.osvdb.org/12248
http://www.sec-consult.com/index.php?id=118
http://www.securityfocus.com/bid/11866
https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13486", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/12248"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13477"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1171", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13486", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "refsource": "OSVDB", "url": "http://www.osvdb.org/12248"}, {"name": "http://www.sec-consult.com/index.php?id=118", "refsource": "MISC", "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13477"}, {"name": "http://www.kde.org/info/security/advisory-20041209-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:39:00.912Z"}, "title": "CVE Program Container", "references": [{"name": "13486", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13486"}, {"name": "VU#305294", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"name": "11866", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11866"}, {"name": "1012471", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1012471"}, {"name": "P-051", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred"], "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"name": "13560", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13560"}, {"name": "kde-smb-password-plaintext(18267)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"name": "MDKSA-2004:150", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"name": "20041209 KDE Security Advisory: plain text password exposure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"name": "12248", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/12248"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sec-consult.com/index.php?id=118"}, {"name": "GLSA-200412-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"name": "13477", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13477"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1171", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-10T00:00:00", "dateUpdated": "2024-08-08T00:39:00.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2004-12-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-10T14:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 13486 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/13486 (string)

}

1 : { »

name : VU#305294 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/305294 (string)

}

2 : { »

name : 11866 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/11866 (string)

}

3 : { »

name : 1012471 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://securitytracker.com/id?1012471 (string)

}

4 : { »

name : P-051 (string)

tags : [ »

0 : third-party-advisory (string)

1 : government-resource (string)

2 : x_refsource_CIAC (string)

]

url : http://www.ciac.org/ciac/bulletins/p-051.shtml (string)

}

5 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html (string)

}

6 : { »

name : 13560 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/13560 (string)

}

7 : { »

name : kde-smb-password-plaintext(18267) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 (string)

}

8 : { »

name : MDKSA-2004:150 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

]

url : http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 (string)

}

9 : { »

name : 20041209 KDE Security Advisory: plain text password exposure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=110261063201488&w=2 (string)

}

10 : { »

name : 12248 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://www.osvdb.org/12248 (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.sec-consult.com/index.php?id=118 (string)

}

12 : { »

name : GLSA-200412-16 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml (string)

}

13 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=110178786809694&w=2 (string)

}

14 : { »

name : 13477 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/13477 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2004-1171 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 13486 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/13486 (string)

}

1 : { »

name : VU#305294 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/305294 (string)

}

2 : { »

name : 11866 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/11866 (string)

}

3 : { »

name : 1012471 (string)

refsource : SECTRACK (string)

url : http://securitytracker.com/id?1012471 (string)

}

4 : { »

name : P-051 (string)

refsource : CIAC (string)

url : http://www.ciac.org/ciac/bulletins/p-051.shtml (string)

}

5 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

refsource : FULLDISC (string)

url : http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html (string)

}

6 : { »

name : 13560 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/13560 (string)

}

7 : { »

name : kde-smb-password-plaintext(18267) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 (string)

}

8 : { »

name : MDKSA-2004:150 (string)

refsource : MANDRAKE (string)

url : http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 (string)

}

9 : { »

name : 20041209 KDE Security Advisory: plain text password exposure (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=110261063201488&w=2 (string)

}

10 : { »

name : 12248 (string)

refsource : OSVDB (string)

url : http://www.osvdb.org/12248 (string)

}

11 : { »

name : http://www.sec-consult.com/index.php?id=118 (string)

refsource : MISC (string)

url : http://www.sec-consult.com/index.php?id=118 (string)

}

12 : { »

name : GLSA-200412-16 (string)

refsource : GENTOO (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml (string)

}

13 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=110178786809694&w=2 (string)

}

14 : { »

name : 13477 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/13477 (string)

}

15 : { »

name : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

refsource : CONFIRM (string)

url : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-08T00:39:00.912Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 13486 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/13486 (string)

}

1 : { »

name : VU#305294 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/305294 (string)

}

2 : { »

name : 11866 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/11866 (string)

}

3 : { »

name : 1012471 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://securitytracker.com/id?1012471 (string)

}

4 : { »

name : P-051 (string)

tags : [ »

0 : third-party-advisory (string)

1 : government-resource (string)

2 : x_refsource_CIAC (string)

3 : x_transferred (string)

]

url : http://www.ciac.org/ciac/bulletins/p-051.shtml (string)

}

5 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html (string)

}

6 : { »

name : 13560 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/13560 (string)

}

7 : { »

name : kde-smb-password-plaintext(18267) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 (string)

}

8 : { »

name : MDKSA-2004:150 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 (string)

}

9 : { »

name : 20041209 KDE Security Advisory: plain text password exposure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=110261063201488&w=2 (string)

}

10 : { »

name : 12248 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://www.osvdb.org/12248 (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.sec-consult.com/index.php?id=118 (string)

}

12 : { »

name : GLSA-200412-16 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml (string)

}

13 : { »

name : 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=110178786809694&w=2 (string)

}

14 : { »

name : 13477 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/13477 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2004-1171 (string)

datePublished : 2004-12-10T05:00:00 (string)

dateReserved : 2004-12-10T00:00:00 (string)

dateUpdated : 2024-08-08T00:39:00.912Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE0AED-7918-41E9-A902-AC4070E03132", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81E19472-47B4-4398-A188-CA5A5D3E7060", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B436D-8D6A-473E-B707-26147208808B", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E26B353-4985-4116-B97A-5767CDC732F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F7180B3-03AC-427C-8CAD-FE06F81C4FF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}], "id": "CVE-2004-1171", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13477"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13486"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13560"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012471"}, {"source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"source": "cve@mitre.org", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/12248"}, {"source": "cve@mitre.org", "url": "http://www.sec-consult.com/index.php?id=118"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11866"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1012471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/305294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/12248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sec-consult.com/index.php?id=118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 82F69843-978D-4686-BC5B-1D09DA4A21BD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : ACEE0AED-7918-41E9-A902-AC4070E03132 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 81E19472-47B4-4398-A188-CA5A5D3E7060 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D17407A2-089E-43A5-9BD5-EFF966F5CC16 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C4B436D-8D6A-473E-B707-26147208808B (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E26B353-4985-4116-B97A-5767CDC732F1 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 9F7180B3-03AC-427C-8CAD-FE06F81C4FF1 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* (string)

matchCriteriaId : A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3528DABD-B821-4D23-AE12-614A9CA92C46 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:* (string)

matchCriteriaId : 9E661D58-18DF-4CCF-9892-F873618F4535 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E6996B14-925B-46B8-982F-3545328B506B (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EC80CF67-C51D-442C-9526-CFEDE84A6304 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. (string)

}

]

id : CVE-2004-1171 (string)

lastModified : 2025-04-03T01:03:51.193 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2005-01-10T05:00:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=110178786809694&w=2 (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=110261063201488&w=2 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/13477 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/13486 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/13560 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://securitytracker.com/id?1012471 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.ciac.org/ciac/bulletins/p-051.shtml (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/305294 (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.osvdb.org/12248 (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.sec-consult.com/index.php?id=118 (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.securityfocus.com/bid/11866 (string)

}

15 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=110178786809694&w=2 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=110261063201488&w=2 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/13477 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/13486 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/13560 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://securitytracker.com/id?1012471 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ciac.org/ciac/bulletins/p-051.shtml (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/305294 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.kde.org/info/security/advisory-20041209-1.txt (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.osvdb.org/12248 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.sec-consult.com/index.php?id=118 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.securityfocus.com/bid/11866 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object