Vulnerability Note VU#305294

Shortcuts may insecurely store SMB authentication information

Original Release date: 13 Dec 2004 | Last revised: 17 Mar 2005

Overview

SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share.

Description

SMB is a protocol for sharing data and resources between computers. Many operating systems support accessing SMB shares via URIs of the form:

    smb://domain\username:password@server\sharename


If a shortcut to a protected SMB share is created, the URI (including the password section) will be stored as plain text within the shortcut. If an attacker can access the properties of the shortcut, they will be able to read the password and may be able to gain access to the protected share.

According to reports, this vulnerability affects the KDE Desktop Environment. However, other applications or operating systems may be affected as well.

Impact

If a local attacker can create (or persuade a user to create) a shortcut to a protected SMB share and then gain access to that shortcut's properties, they will be able to read the SMB share's authentication information and consequently, gain access to the protected SMB share.

Solution

We are currently unaware of a solution to this problem.

Lock Computer


Users are encouraged to lock their computers when they step away from them.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
KDE Desktop Environment ProjectAffected07 Dec 200413 Dec 2004
NEC CorporationNot Affected-17 Mar 2005
ConectivaUnknown09 Dec 200410 Dec 2004
DebianUnknown09 Dec 200410 Dec 2004
EngardeUnknown09 Dec 200410 Dec 2004
Hewlett-Packard CompanyUnknown09 Dec 200410 Dec 2004
IBM-zSeriesUnknown09 Dec 200410 Dec 2004
IBM eServerUnknown09 Dec 200417 Dec 2004
ImmunixUnknown09 Dec 200410 Dec 2004
Ingrian NetworksUnknown09 Dec 200410 Dec 2004
MandrakeSoftUnknown09 Dec 200410 Dec 2004
MontaVista SoftwareUnknown09 Dec 200410 Dec 2004
NovellUnknown09 Dec 200410 Dec 2004
Openwall GNU/*/LinuxUnknown09 Dec 200410 Dec 2004
Red Hat Inc.Unknown09 Dec 200415 Dec 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Daniel Fabian.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 29 Nov 2004
  • Date First Published: 13 Dec 2004
  • Date Last Updated: 17 Mar 2005
  • Severity Metric: 1.39
  • Document Revision: 116

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.