Definition
KDE Konqueror Userid/Password Disclosure Vulnerability
oval:org.mitre.oval:def:411
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Family:
unix
Status:
ACCEPTED
Platform(s):
- Red Hat Linux 9
Class:
vulnerability
Reference(s):
- CVE-2003-0459
Product(s):
- Konqueror