Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0653

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0653
Last Modified 10 Sep 2008 03:27:09
Published 06 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0653

Summary

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.

Vulnerable Systems

Operating System

  • Sun Solaris 9.0


References

CERT-VN - VU#523710

CIAC - O-172

XF - solaris-kerberos-password-plaintext(16450)

BID - 10606

SUNALERT - 57587

SECUNIA - 11940

SUNALERT - 101519


Last Updated: 27 May 2016 10:38:42