DescriptionThe Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs336169

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
krusader (PTS)buster2:2.7.1-1fixed
sid, trixie, bookworm2:2.8.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
krusadersourcesarge(not affected)


This seems to be a dupe of CVE-2006-3816, pinged MITRE

Search for package or bug name: Reporting problems