[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#285126: CAN-2004-1171: plain text password exposure

Package: kdelibs, kdebase
Version: 3.3.2
Tags: security, patch
Severity: serious

CAN-2004-1171 is about a security hole in KDE that allows for possible
passoword leakage:

  KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1)
  manually entered by the user or (2) created by the SMB protocol handler, stores
  those credentials for in plaintext in the user's .desktop file, which may be
  created with world-readable permissions, which could allow local users to
  obtain usernames and passwords for remote resources such as SMB shares.

Note that this will need to be fixed in both the version in unstable
and the older version in testing via t-p-u. This page has details of the
hole and links to patches for all recent versions of KDE:


see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: