cve-2004-1171
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
Summary
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110178786809694&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110261063201488&w=2
cve@mitre.orghttp://secunia.com/advisories/13477
cve@mitre.orghttp://secunia.com/advisories/13486
cve@mitre.orghttp://secunia.com/advisories/13560
cve@mitre.orghttp://securitytracker.com/id?1012471
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/p-051.shtml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/305294Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.kde.org/info/security/advisory-20041209-1.txt
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:150
cve@mitre.orghttp://www.osvdb.org/12248
cve@mitre.orghttp://www.sec-consult.com/index.php?id=118
cve@mitre.orghttp://www.securityfocus.com/bid/11866Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18267
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110178786809694&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110261063201488&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13477
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13486
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13560
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1012471
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/p-051.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/305294Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kde.org/info/security/advisory-20041209-1.txt
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/12248
af854a3a-2127-422b-91ae-364da2661108http://www.sec-consult.com/index.php?id=118
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11866Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18267
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "13486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13486"
          },
          {
            "name": "VU#305294",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/305294"
          },
          {
            "name": "11866",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11866"
          },
          {
            "name": "1012471",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1012471"
          },
          {
            "name": "P-051",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"
          },
          {
            "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"
          },
          {
            "name": "13560",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13560"
          },
          {
            "name": "kde-smb-password-plaintext(18267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"
          },
          {
            "name": "MDKSA-2004:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"
          },
          {
            "name": "20041209 KDE Security Advisory: plain text password exposure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2"
          },
          {
            "name": "12248",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/12248"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/index.php?id=118"
          },
          {
            "name": "GLSA-200412-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"
          },
          {
            "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2"
          },
          {
            "name": "13477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user\u0027s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "13486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13486"
        },
        {
          "name": "VU#305294",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/305294"
        },
        {
          "name": "11866",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11866"
        },
        {
          "name": "1012471",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1012471"
        },
        {
          "name": "P-051",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"
        },
        {
          "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"
        },
        {
          "name": "13560",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13560"
        },
        {
          "name": "kde-smb-password-plaintext(18267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"
        },
        {
          "name": "MDKSA-2004:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"
        },
        {
          "name": "20041209 KDE Security Advisory: plain text password exposure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2"
        },
        {
          "name": "12248",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/12248"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/index.php?id=118"
        },
        {
          "name": "GLSA-200412-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"
        },
        {
          "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2"
        },
        {
          "name": "13477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user\u0027s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "13486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13486"
            },
            {
              "name": "VU#305294",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/305294"
            },
            {
              "name": "11866",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11866"
            },
            {
              "name": "1012471",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1012471"
            },
            {
              "name": "P-051",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/p-051.shtml"
            },
            {
              "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html"
            },
            {
              "name": "13560",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13560"
            },
            {
              "name": "kde-smb-password-plaintext(18267)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267"
            },
            {
              "name": "MDKSA-2004:150",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150"
            },
            {
              "name": "20041209 KDE Security Advisory: plain text password exposure",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2"
            },
            {
              "name": "12248",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/12248"
            },
            {
              "name": "http://www.sec-consult.com/index.php?id=118",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/index.php?id=118"
            },
            {
              "name": "GLSA-200412-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml"
            },
            {
              "name": "20041129 Password Disclosure for SMB Shares in KDE\u0027s Konqueror",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2"
            },
            {
              "name": "13477",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13477"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20041209-1.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20041209-1.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1171",
    "datePublished": "2004-12-10T05:00:00",
    "dateReserved": "2004-12-10T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82F69843-978D-4686-BC5B-1D09DA4A21BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACEE0AED-7918-41E9-A902-AC4070E03132\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81E19472-47B4-4398-A188-CA5A5D3E7060\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D17407A2-089E-43A5-9BD5-EFF966F5CC16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C4B436D-8D6A-473E-B707-26147208808B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E26B353-4985-4116-B97A-5767CDC732F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F7180B3-03AC-427C-8CAD-FE06F81C4FF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*\", \"matchCriteriaId\": \"A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3528DABD-B821-4D23-AE12-614A9CA92C46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*\", \"matchCriteriaId\": \"9E661D58-18DF-4CCF-9892-F873618F4535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6996B14-925B-46B8-982F-3545328B506B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC80CF67-C51D-442C-9526-CFEDE84A6304\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user\u0027s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.\"}]",
      "id": "CVE-2004-1171",
      "lastModified": "2024-11-20T23:50:16.267",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-01-10T05:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/13477\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/13486\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/13560\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1012471\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ciac.org/ciac/bulletins/p-051.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/305294\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kde.org/info/security/advisory-20041209-1.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2004:150\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/12248\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sec-consult.com/index.php?id=118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/11866\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/13477\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/13486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/13560\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1012471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ciac.org/ciac/bulletins/p-051.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/305294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kde.org/info/security/advisory-20041209-1.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2004:150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/12248\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sec-consult.com/index.php?id=118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/11866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-1171\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-01-10T05:00:00.000\",\"lastModified\":\"2024-11-20T23:50:16.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user\u0027s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F69843-978D-4686-BC5B-1D09DA4A21BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACEE0AED-7918-41E9-A902-AC4070E03132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81E19472-47B4-4398-A188-CA5A5D3E7060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D17407A2-089E-43A5-9BD5-EFF966F5CC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C4B436D-8D6A-473E-B707-26147208808B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E26B353-4985-4116-B97A-5767CDC732F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F7180B3-03AC-427C-8CAD-FE06F81C4FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*\",\"matchCriteriaId\":\"A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3528DABD-B821-4D23-AE12-614A9CA92C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"9E661D58-18DF-4CCF-9892-F873618F4535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6996B14-925B-46B8-982F-3545328B506B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC80CF67-C51D-442C-9526-CFEDE84A6304\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13477\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13560\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1012471\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/p-051.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/305294\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kde.org/info/security/advisory-20041209-1.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:150\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/12248\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sec-consult.com/index.php?id=118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11866\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110178786809694\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110261063201488\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1012471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/p-051.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/305294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kde.org/info/security/advisory-20041209-1.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/12248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sec-consult.com/index.php?id=118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.