Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
MITRE description: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.