Authentication Cache Flaw in KDE Kio-Extras Affects User Password Storage
CVE-2020-12755

3.3LOW

Key Information:

Vendor: Kde
Status: Kio-extras
Vendor: CVE Published:; 9 May 2020

What is CVE-2020-12755?

An improper authentication vulnerability exists in the fishProtocol's establishConnection function within KDE's kio-extras. This flaw allows the system to cache user credentials in KWallet without explicit user consent if the keepPassword option is not enabled. As a result, unauthorized applications may access sensitive passwords unintentionally stored, emphasizing the need for careful configuration of user authentication settings.

References

https://commits.kde.org/kio-extras/d813cef3cecdec9af1532a...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2020
Vulnerability Reserved
May 9, 2020

CVE-2020-12755 Data

JSON

Kde

What is CVE-2020-12755?

References

CVSS V3.1

Timeline