Oval Definition:	oval:org.mitre.oval:def:2065
Revision Date: 2005-02-23 Version: 16 Title: Kerberos Client Plaintext Password Vulnerability Description: Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-0653 Platform(s): Sun Solaris 9 Product(s): pam_krb5 Definition Synopsis Software section Solaris 9 Installed AND Kerberos 5 installed AND NOT Patch 112908-13 or later installed AND Patch 112908-12 installed AND Configuration section /etc/pam.conf is configured to use pam_krb5 as an 'auth' module and the debug feature of pam_krb5 is enabled AND /etc/krb5/krb5.conf is configured with a kerberos domain AND /etc/syslog.conf is configured to log "debug" level messages for at least daemon
BACK