KDE Konqueror Userid/Password Disclosure Vulnerability

oval:org.mitre.oval:def:411

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Family: unix
Status: ACCEPTED
Platform(s):
  • Red Hat Linux 9
Class: vulnerability
Reference(s):
  • CVE-2003-0459
Product(s):
  • Konqueror