Vulnerability Report

CVE-2004-1171

Title: KDE plaintext password storage information disclosure

Information Disclosure

Proof Of Concept

No public PoC currently indexed for CVE-2004-1171.

CWE Category NVD-CWE-noinfo
Published Date Jan 10, 2005
Modified Date Apr 03, 2025
Exploit Status Not Found
Score 2.1 CVSS v2.0
Exploit Probability (EPSS)
0.12%

Vulnerability Summary

CVE-2004-1171: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Impacted Vendors

K
kde 1
M
mandrakesoft 1
R
redhat 1
F
fedoraproject 1

Reference Links

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://marc.info/?l=bugtraq&m=110178786809694&w=2 http://marc.info/?l=bugtraq&m=110261063201488&w=2 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://securitytracker.com/id?1012471 http://www.ciac.org/ciac/bulletins/p-051.shtml http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.kb.cert.org/vuls/id/305294 http://www.kde.org/info/security/advisory-20041209-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 http://www.osvdb.org/12248 http://www.sec-consult.com/index.php?id=118 http://www.securityfocus.com/bid/11866 https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://marc.info/?l=bugtraq&m=110178786809694&w=2 http://marc.info/?l=bugtraq&m=110261063201488&w=2 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://securitytracker.com/id?1012471 http://www.ciac.org/ciac/bulletins/p-051.shtml http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.kb.cert.org/vuls/id/305294 http://www.kde.org/info/security/advisory-20041209-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 http://www.osvdb.org/12248 http://www.sec-consult.com/index.php?id=118 http://www.securityfocus.com/bid/11866 https://exchange.xforce.ibmcloud.com/vulnerabilities/18267
CVSS v2.0
Source Entity [email protected]
Severity LOW
2.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:L/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2004-1171 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:L/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.