Vulnerability Note VU#305294
Shortcuts may insecurely store SMB authentication information
Overview
SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share.
Description
SMB is a protocol for sharing data and resources between computers. Many operating systems support accessing SMB shares via URIs of the form: smb://domain\username:password@server\sharename If a shortcut to a protected SMB share is created, the URI (including the password section) will be stored as plain text within the shortcut. If an attacker can access the properties of the shortcut, they will be able to read the password and may be able to gain access to the protected share. According to reports, this vulnerability affects the KDE Desktop Environment. However, other applications or operating systems may be affected as well. |
Impact
If a local attacker can create (or persuade a user to create) a shortcut to a protected SMB share and then gain access to that shortcut's properties, they will be able to read the SMB share's authentication information and consequently, gain access to the protected SMB share. |
Solution
We are currently unaware of a solution to this problem. |
Lock Computer
|
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| KDE Desktop Environment Project | Affected | 07 Dec 2004 | 13 Dec 2004 |
| NEC Corporation | Not Affected | - | 17 Mar 2005 |
| Conectiva | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Debian | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Engarde | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Hewlett-Packard Company | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| IBM-zSeries | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| IBM eServer | Unknown | 09 Dec 2004 | 17 Dec 2004 |
| Immunix | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Ingrian Networks | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| MandrakeSoft | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| MontaVista Software | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Novell | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Openwall GNU/*/Linux | Unknown | 09 Dec 2004 | 10 Dec 2004 |
| Red Hat Inc. | Unknown | 09 Dec 2004 | 15 Dec 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
This vulnerability was reported by Daniel Fabian.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: Unknown
- Date Public: 29 Nov 2004
- Date First Published: 13 Dec 2004
- Date Last Updated: 17 Mar 2005
- Severity Metric: 1.39
- Document Revision: 116
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.