Redhat: >> Kdelibs Devel Security Vulnerabilities
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
CVSS Score
5.0
EPSS Score
0.015
Published
2003-08-27