-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Konqueror Exposure of Username and Password Date: Today 12:26:02 pm Konqueror Exposure of Username and Password CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: - From remote SOFTWARE: KDE 2.x KDE 3.x Konqueror Embedded DESCRIPTION: A vulnerability has been identified in Konqueror, which could possibly expose username and password to another website. The problem is that when the HTTP "REFERER" header is transmitted to a different site, the user credentials are not stripped. E.g. the URL "http://user:pass@protected.site/" may be revealed to any site, which the user visits by clicking a link from the protected site. SOLUTION: KDE version 3.1.3 is not vulnerable. Patches for older releases are available: Konqueror embedded: http://devel-home.kde.org/~hausmann/snapshots/ 30dc3e109124e8532c7c0ed6ad3ec6fb konqueror-embedded-snapshot-20030705.tar.gz A patch for KDE 2.2.2 is available from: ftp://ftp.kde.org/pub/kde/security_patches 90d0a6064ee1ba99347b55e303081cd5 post-2.2.2-kdelibs-http.patch Patches for KDE 3.0.5b are available from: ftp://ftp.kde.org/pub/kde/security_patches a2bd79b4a78aa7d51afe01c47a8ab6d2 post-3.0.5b-kdelibs-http.patch a5ed29d49c07aa5a2c63b9bbaec0e7b2 post-3.0.5b-kdelibs-khtml.patch Patches for KDE 3.1.2 are available from: ftp://ftp.kde.org/pub/kde/security_patches 8ebafe8432e92cb4e878a37153cf12a4 post-3.1.2-kdelibs-http.patch 6f27515ca22198b4060f4a4fe3c3a6b1 post-3.1.2-kdelibs-khtml.patch REPORTED BY / CREDITS: George Staikos ORIGINAL ADVISORY: http://www.kde.org/info/security/advisory-20030729-1.txt Forwarded to me by Fred Miller Konqueror Exposure of Username and Password CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: - From remote SOFTWARE: KDE 2.x KDE 3.x Konqueror Embedded DESCRIPTION: A vulnerability has been identified in Konqueror, which could possibly expose username and password to another website. The problem is that when the HTTP "REFERER" header is transmitted to a different site, the user credentials are not stripped. E.g. the URL "http://user:pass@protected.site/" may be revealed to any site, which the user visits by clicking a link from the protected site. SOLUTION: KDE version 3.1.3 is not vulnerable. Patches for older releases are available: Konqueror embedded: http://devel-home.kde.org/~hausmann/snapshots/ 30dc3e109124e8532c7c0ed6ad3ec6fb konqueror-embedded-snapshot-20030705.tar.gz A patch for KDE 2.2.2 is available from: ftp://ftp.kde.org/pub/kde/security_patches 90d0a6064ee1ba99347b55e303081cd5 post-2.2.2-kdelibs-http.patch Patches for KDE 3.0.5b are available from: ftp://ftp.kde.org/pub/kde/security_patches a2bd79b4a78aa7d51afe01c47a8ab6d2 post-3.0.5b-kdelibs-http.patch a5ed29d49c07aa5a2c63b9bbaec0e7b2 post-3.0.5b-kdelibs-khtml.patch Patches for KDE 3.1.2 are available from: ftp://ftp.kde.org/pub/kde/security_patches 8ebafe8432e92cb4e878a37153cf12a4 post-3.1.2-kdelibs-http.patch 6f27515ca22198b4060f4a4fe3c3a6b1 post-3.1.2-kdelibs-khtml.patch REPORTED BY / CREDITS: George Staikos ORIGINAL ADVISORY: http://www.kde.org/info/security/advisory-20030729-1.txt Cheers, Curtis. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/KAM9iqnGhdjCOJsRAvG6AJwIv9BGfOuYFBcMXpn77T6/oW42dACfS9s3 xw9tKxL6ddPHmziA6waTJZs= =B//1 -----END PGP SIGNATURE-----