PT-2004-2130 · Kde · Kde

Daniel Fabian · Published 2004-12-10 · Updated 2017-07-11 · CVE-2004-1171

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: KDE versions 3.2.x through 3.3.2
Description: The issue allows local users to obtain usernames and passwords for remote resources, such as SMB shares, because credentials are stored in plaintext in the user's .desktop file. This file may be created with world-readable permissions, which could be exploited to gain access to sensitive information. The credentials in question are either manually entered by the user or created by the SMB protocol handler.
Recommendations: For KDE versions 3.2.x through 3.3.2, consider restricting access to the .desktop file to prevent local users from obtaining the stored credentials. As a temporary workaround, avoid using the SMB protocol handler to create credentials until a proper fix is available. Additionally, ensure that the .desktop file is created with appropriate permissions to minimize the risk of exploitation.
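
An added example (not part of the original advisory or of KDE's code): a Python audit for the recommendation above, reporting .desktop files that carry a password in a URL= entry and are readable by group or others, with an option to restrict them to the owner. The URL= key holding credentials in the userinfo part (smb://user:password@host/share), the function names and the sample values are assumptions for illustration.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit


def embedded_credentials(path):
    """True if a URL= entry carries a password in its userinfo part (assumed layout)."""
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip() == "URL":
                try:
                    if urlsplit(value.strip()).password:
                        return True
                except ValueError:  # malformed URL: nothing to parse
                    continue
    return False


def audit(root, fix=False):
    """Return [(path, mode)] for credential-bearing .desktop files readable by group/other."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not name.endswith(".desktop") or not stat.S_ISREG(st.st_mode):
                    continue
                mode = stat.S_IMODE(st.st_mode)
                exposed = mode & (stat.S_IRGRP | stat.S_IROTH)
                if exposed and embedded_credentials(path):
                    findings.append((path, oct(mode)))
                    if fix:
                        os.chmod(path, 0o600)  # owner read/write only
            except OSError:  # unreadable or vanished file: skip it
                continue
    return findings


if __name__ == "__main__":
    # Constructed sample: one world-readable link file with a placeholder password.
    with tempfile.TemporaryDirectory() as home:
        sample = os.path.join(home, "share.desktop")
        with open(sample, "w") as fh:
            fh.write("[Desktop Entry]\nType=Link\nURL=smb://alice:EXAMPLE-PASSWORD@fileserver/share\n")
        os.chmod(sample, 0o644)
        print(audit(home, fix=True))
```

Tightening the mode only stops other local users from reading the file; the password is still stored in plaintext inside it.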


Related Identifiers

CVE-2004-1171

Affected Products

Kde