SkipNavigation
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric



 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#305294

Shortcuts may insecurely store SMB authentication information

Overview

SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share.

I. Description

SMB is a protocol for sharing data and resources between computers. Many operating systems support accessing SMB shares via URIs of the form:

    smb://domain\username:password@server\sharename


If a shortcut to a protected SMB share is created, the URI (including the password section) will be stored as plain text within the shortcut. If an attacker can access the properties of the shortcut, they will be able to read the password and may be able to gain access to the protected share.

According to reports, this vulnerability affects the KDE Desktop Environment. However, other applications or operating systems may be affected as well.

II. Impact

If a local attacker can create (or persuade a user to create) a shortcut to a protected SMB share and then gain access to that shortcut's properties, they will be able to read the SMB share's authentication information and consequently, gain access to the protected SMB share.

III. Solution

We are currently unaware of a solution to this problem.

Lock Computer

Users are encouraged to lock their computers when they step away from them.

Systems Affected

VendorStatusDate NotifiedDate Updated
ConectivaUnknown10-Dec-2004
DebianUnknown10-Dec-2004
EngardeUnknown10-Dec-2004
Hewlett-Packard CompanyUnknown10-Dec-2004
IBM-zSeriesUnknown10-Dec-2004
IBM eServerUnknown17-Dec-2004
ImmunixUnknown10-Dec-2004
Ingrian NetworksUnknown10-Dec-2004
KDE Desktop Environment ProjectVulnerable13-Dec-2004
MandrakeSoftUnknown10-Dec-2004
MontaVista SoftwareUnknown10-Dec-2004
NEC CorporationNot Vulnerable17-Mar-2005
NovellUnknown10-Dec-2004
Openwall GNU/*/LinuxUnknown10-Dec-2004
Red Hat Inc.Unknown15-Dec-2004
SCOUnknown10-Dec-2004
SequentUnknown10-Dec-2004
Sun Microsystems Inc.Unknown10-Dec-2004
SuSE Inc.Unknown10-Dec-2004
TurboLinuxUnknown10-Dec-2004

References


http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-11/0394.html

Credit

This vulnerability was reported by Daniel Fabian.

This document was written by Jeff Gennari.

Other Information

Date Public:2004-11-29
Date First Published:2004-12-13
Date Last Updated:2005-03-17
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:1.39
Document Revision:116

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader