Vulnerabilities > CVE-2006-3816 - Information Disclosure vulnerability in Krusader Bookmark Manager Password

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

krusader

NVD

Published: 2006-07-25

Updated: 2011-03-08

Summary

Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.

Vulnerable Configurations

Part	Description	Count
Application	Krusader Krusader Krusader 1.50_Beta1 Krusader Krusader 1.60.0 Krusader Krusader 1.70.0 Krusader Krusader 1.70.0_Beta1	4

References

http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14
http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965
http://www.securityfocus.com/bid/19194
http://www.vupen.com/english/advisories/2006/2992