CVE-2005-3856

The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336169	Patch Vendor Advisory
http://www.krusader.org/phpBB/viewtopic.php?t=1367	Vendor Advisory
http://www.krusader.org/phpBB/viewtopic.php?t=1368	Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336169	Patch Vendor Advisory
http://www.krusader.org/phpBB/viewtopic.php?t=1367	Vendor Advisory
http://www.krusader.org/phpBB/viewtopic.php?t=1368	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:krusader:krusader:1.60.0:::::::*
	cpe:2.3:a:krusader:krusader:1.70.0_beta1:::::::*

History

No history.

Information

Published : 2005-11-27 20:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-3856

Mitre link : CVE-2005-3856

CVE.ORG link : CVE-2005-3856

JSON object : View

Products Affected

krusader

krusader

CWE

NVD-CWE-Other

{"id": "CVE-2005-3856", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-27T20:03:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336169", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.krusader.org/phpBB/viewtopic.php?t=1367", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.krusader.org/phpBB/viewtopic.php?t=1368", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336169", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.krusader.org/phpBB/viewtopic.php?t=1367", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.krusader.org/phpBB/viewtopic.php?t=1368", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:krusader:krusader:1.60.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A6FF252-38EB-49B5-90E2-66C163A58829"}, {"criteria": "cpe:2.3:a:krusader:krusader:1.70.0_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F09774EF-A440-4C10-BDCD-467475AAB872"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}