CVE-2005-3856
CVE-2005-3856 is a medium-severity vulnerability in Krusader with a CVSS 2.0 base score of 4.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.0)
- EPSS exploit prediction: 1% (58th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Krusader
- Published:
- Last modified:
Description
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.
Frequently asked questions
- What is CVE-2005-3856?
- The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.
- How severe is CVE-2005-3856?
- CVE-2005-3856 has a CVSS 2.0 base score of 4.0, rated medium severity.
- Is CVE-2005-3856 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (58th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-3856?
- CVE-2005-3856 primarily affects Krusader. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-3856?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-3856 published?
- CVE-2005-3856 was published on 2005-11-27 and last updated on 2026-06-16.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336169
- http://www.krusader.org/phpBB/viewtopic.php?t=1367
- http://www.krusader.org/phpBB/viewtopic.php?t=1368
Affected products (2)
- cpe:2.3:a:krusader:krusader:1.60.0:*:*:*:*:*:*:*
- cpe:2.3:a:krusader:krusader:1.70.0_beta1:*:*:*:*:*:*:*
More vulnerabilities in Krusader
- CVE-2006-3816 — High (CVSS 7.5): Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file…