PT-2005-4602 · Krusader · Krusader

Frank Schoolmeesters

Published

2005-11-27

Updated

2008-09-05

CVE-2005-3856

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Krusader versions 1.60.0 through 1.70.0-beta1

Description The issue allows passwords to be saved in cleartext when a user enters URLs containing passwords in the panel URL field. This might enable attackers to access other sites.

Recommendations For Krusader versions 1.60.0 through 1.70.0-beta1, consider removing or securely storing any saved URLs that contain passwords until a fix is available. As a temporary workaround, avoid entering URLs with passwords in the panel URL field to prevent cleartext storage of sensitive information.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3856

Affected Products

Krusader

PT-2005-4602 · Krusader · Krusader

CVE-2005-3856

Related Identifiers

Affected Products

References · 7