PT-2006-4675 · Krusader · Krusader

Published

2006-07-24

Updated

2011-03-08

CVE-2006-3816

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Krusader versions 1.50-beta1 through 1.70.0

Description The issue allows attackers to steal passwords by obtaining the bookmark file, which stores passwords for remote connections in cleartext.

Recommendations For versions 1.50-beta1 through 1.70.0, consider removing or securing access to the krbookmarks.xml file to prevent unauthorized access to stored passwords.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3816

Affected Products

Krusader

PT-2006-4675 · Krusader · Krusader

CVE-2006-3816

Related Identifiers

Affected Products

References · 5