CVE-2005-3856

NameCVE-2005-3856
DescriptionThe Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs336169

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
krusader (PTS)wheezy1:2.3.0~beta1-1+wheezy3fixed
jessie1:2.4.0~beta3-2fixed
stretch2:2.5.0-2fixed
buster, sid2:2.6.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
krusadersource(unstable)1.70.0-1low336169
krusadersourcesarge(not affected)

Notes

This seems to be a dupe of CVE-2006-3816, pinged MITRE
Search for package or bug name: Reporting problems