| Vulnerability Name: | CVE-2003-1078 (CCN-11436) | ||||||||
| Assigned: | 2003-02-27 | ||||||||
| Published: | 2003-02-27 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-1078 Source: CCN Type: SA8186 SUN Solaris ftp in debug mode password disclosure Source: SECUNIA Type: Patch, Vendor Advisory 8186 Source: CCN Type: SECTRACK ID: 1006195 Sun Solaris FTP Client Displays The User Password When in Debug Mode Source: CCN Type: Sun Alert ID: 51081 In Debug Mode, the ftp(1) Command Displays the Password on Screen in Clear Text Source: SUNALERT Type: Patch, Vendor Advisory 51081 Source: CCN Type: OSVDB ID: 15146 Solaris FTP Client Debug (-d) Flag Password Disclosure Source: BID Type: UNKNOWN 6989 Source: CCN Type: BID-6989 Sun Microsystems Solaris FTP Client Debug Mode Password Display Vulnerability Source: SECTRACK Type: UNKNOWN 1006195 Source: XF Type: UNKNOWN solaris-ftp-plaintext-password(11436) Source: XF Type: UNKNOWN solaris-ftp-plaintext-password(11436) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||