Vulnerability Name:

CVE-2004-0653 (CCN-16450)

Assigned:2004-06-18
Published:2004-06-18
Updated:2017-10-11
Summary:Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2004-0653

Source: CCN
Type: SA11940
Sun Solaris Kerberos Client Clear Text Password Logging

Source: SECUNIA
Type: UNKNOWN
11940

Source: SUNALERT
Type: UNKNOWN
57587

Source: SUNALERT
Type: UNKNOWN
101519

Source: CCN
Type: Sun Alert ID: 57587
Solaris 9 Patches 112908-12 and 115168-03 WITHDRAWN, May Cause Passwords to be Logged as Clear Text on Kerberos Clients

Source: CCN
Type: CIAC Information Bulletin 0-172
Sun Solaris 9 Patches

Source: CIAC
Type: Patch, Vendor Advisory
O-172

Source: CCN
Type: US-CERT VU#523710
Sun Solaris patches may cause passwords to be logged in clear text

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#523710

Source: CCN
Type: OSVDB ID: 7254
Solaris Kerberos Client Cleartext Password Disclosure

Source: BID
Type: UNKNOWN
10606

Source: CCN
Type: BID-10606
Sun Solaris Patches 112908-12 And 115168-03 Clear Text Password Logging Vulnerability

Source: XF
Type: UNKNOWN
solaris-kerberos-password-plaintext(16450)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2065

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:255

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:255 | V | Clear Text Password Logging Vulnerability | 2011-05-09
oval:org.mitre.oval:def:2065 | V | Kerberos Client Plaintext Password Vulnerability | 2005-02-23
    sun solaris 9.0
    sun solaris 9