Redhat: >> Kdelibs Devel >> 3.0.0-10 Security Vulnerabilities
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
CVSS Score
5.0
EPSS Score
0.015
Published
2003-08-27