KDE Konqueror HTTP-Referer Credential Leakage Vulnerability

KDE Konqueror HTTP-Referer Credential Leakage Vulnerability

CVE-2003-0459 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Learn more about our Web App Pen Testing.