Oval Definition:oval:org.mitre.oval:def:255
Revision Date:2011-05-09
Version:20
Title:Clear Text Password Logging Vulnerability
Description:Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2004-0653
Platform(s):Sun Solaris 9
Product(s):
Definition Synopsis
  • Software section
    • Solaris 9 (SPARC) meets Sun Alert ID 101519 criteria.
      • Solaris 9 Installed
      • AND sparc architecture
      • AND Patch 112908-12 is installed
      • AND NOT Patch 112908-13 or later installed
    • OR Solaris 9 (x86) meets Sun Alert ID 101519 criteria.
      • Solaris 9 Installed
      • AND ix86 architecture
      • AND Patch 115168-03 is installed
      • AND NOT Patch 115168-04 or later installed
  • AND Configuration section
    • /etc/krb5/krb5.conf is configured as a Kerberos client
    • AND pam_krb5 is an auth module with debug enabled
    • AND Logging of LOG_DEBUG level messages is enabled