Vulnerability Description
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Krusader | Krusader | 1.50_beta1 |
References
- http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1aPatch
- http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965Patch
- http://www.securityfocus.com/bid/19194
- http://www.vupen.com/english/advisories/2006/2992
- http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1aPatch
- http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965Patch
- http://www.securityfocus.com/bid/19194
- http://www.vupen.com/english/advisories/2006/2992
FAQ
What is CVE-2006-3816?
CVE-2006-3816 is a vulnerability with a CVSS score of 7.5 (HIGH). Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.
How severe is CVE-2006-3816?
CVE-2006-3816 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3816?
Check the references section above for vendor advisories and patch information. Affected products include: Krusader Krusader.