CVE-2006-3816

Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14	Patch
http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965	Patch
http://www.securityfocus.com/bid/19194
http://www.vupen.com/english/advisories/2006/2992

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:krusader:krusader:1.50_beta1:::::::*
	cpe:2.3:a:krusader:krusader:1.60.0:::::::*
	cpe:2.3:a:krusader:krusader:1.70.0:::::::*
	cpe:2.3:a:krusader:krusader:1.70.0_beta1:::::::*

History

No history.

Information

Published : 2006-07-25 13:22

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3816

Mitre link : CVE-2006-3816

CVE.ORG link : CVE-2006-3816

JSON object : View

Products Affected

krusader

krusader

CWE

NVD-CWE-Other

{"id": "CVE-2006-3816", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-25T13:22:00.000", "references": [{"url": "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19194", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2992", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file."}, {"lang": "es", "value": "Krusader 1.50-beta1 hasta 1.70.0 almacena las contrase\u00f1as para las conexiones remotas en texto claro en el archivo de marcadores (krbookmarks.xml), lo cual permite a atacantes remotos robar contrase\u00f1as obteniendo el archivo."}], "lastModified": "2011-03-08T02:39:32.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:krusader:krusader:1.50_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97117E1-1054-407E-9891-28078FB7EFC1"}, {"criteria": "cpe:2.3:a:krusader:krusader:1.60.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A6FF252-38EB-49B5-90E2-66C163A58829"}, {"criteria": "cpe:2.3:a:krusader:krusader:1.70.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8313DDBC-1ED0-4897-B7B8-BEBDF732E350"}, {"criteria": "cpe:2.3:a:krusader:krusader:1.70.0_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F09774EF-A440-4C10-BDCD-467475AAB872"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}