Back to search
CVE-2004-0653
Published: Jul 13, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
10606
vdb-entry
x_refsource_BID
O-172
third-party-advisory
government-resource
x_refsource_CIAC
101519
vendor-advisory
x_refsource_SUNALERT
oval:org.mitre.oval:def:2065
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:255
vdb-entry
signature
x_refsource_OVAL
11940
third-party-advisory
x_refsource_SECUNIA
solaris-kerberos-password-plaintext(16450)
vdb-entry
x_refsource_XF
VU#523710
third-party-advisory
x_refsource_CERT-VN
57587
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now