Definition

Clear Text Password Logging Vulnerability

oval:org.mitre.oval:def:255

Solaris 9 when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled records passwords in plaintext which could allow local users to gain other user's passwords by reading log files.

Family:

unix

Status:

ACCEPTED

Platform(s):

Sun Solaris 9

Class:

vulnerability

Reference(s):

CVE-2004-0653

Product(s):