Forum has been closed due to ongoing spam issues.
It is kept search and read-able as a reference. Registrations and logins are disabled. Please use the mailing lists instead.

   SearchSearch
[SA] Bookmarks stored in cleartext

 
Krusader Forum Index -> News
View previous topic :: View next topic  
Author Message
dirk
Webmaster & i18n Coordinator


Joined: 24 Mar 2002
Posts: 1346
Location: Germany

PostPosted: Mon Jul 17, 2006 11:07 pm    Post subject: [SA] Bookmarks stored in cleartext

Krusader Security Announcement

Title: Bookmark manager sometimes stores passwords in cleartext
Severity: normal
Exploitable: local

Description
Passwords for remote connections (ftp, sftp, fish, smb) are sometimes stored in cleartext by the bookmark manager.
The affected file is ~/.kde/share/apps/krusader/krbookmarks.xml.

Impact
An attacker could get access to the remote accounts.

Details
-

Affected Versions
Vulnerable: >=krusader-1.50-beta1 <krusader-1.70.1
Unaffected: >=krusader-1.70.1 >=krusader-cvs-20060713

Workaround
-

Resolution
Download and install krusader-1.70.1 or update Krusader from CVS (module krusader_kde3)

References
krusader-devel
log
diff/patch
Back to top
View user's profile Send private message Visit poster's website
Frank
Documentation & Marketing Coordinator


Joined: 19 Jun 2003
Posts: 1264
Location: Belgium

PostPosted: Thu Jul 27, 2006 7:49 am    Post subject:

A CVE report (common vunarabilities and exposures) is created.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3816
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Krusader Forum Index -> News All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group