CVE-2004-1171

2005-01-1000:00:00

ubuntu.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

37.0%

JSON

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1)
manually entered by the user or (2) created by the SMB protocol handler,
stores those credentials for plaintext in the user’s .desktop file, which
may be created with world-readable permissions, which could allow local
users to obtain usernames and passwords for remote resources such as SMB
shares.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkdebase< 3.5.2-0ubuntu27.1UNKNOWN
ubuntu6.10noarchkdebase< 3.5.5-0ubuntu3.5UNKNOWN
ubuntu7.04noarchkdebase< 3.5.6-0ubuntu20.2UNKNOWN
ubuntu6.06noarchkdelibs< 3.5.2-0ubuntu18.5UNKNOWN
ubuntu6.10noarchkdelibs< 3.5.5-0ubuntu3.5UNKNOWN
ubuntu7.04noarchkdelibs< 3.5.6-0ubuntu14.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	kdebase	< 3.5.2-0ubuntu27.1	UNKNOWN
ubuntu	6.10	noarch	kdebase	< 3.5.5-0ubuntu3.5	UNKNOWN
ubuntu	7.04	noarch	kdebase	< 3.5.6-0ubuntu20.2	UNKNOWN
ubuntu	6.06	noarch	kdelibs	< 3.5.2-0ubuntu18.5	UNKNOWN
ubuntu	6.10	noarch	kdelibs	< 3.5.5-0ubuntu3.5	UNKNOWN
ubuntu	7.04	noarch	kdelibs	< 3.5.6-0ubuntu14.1	UNKNOWN