| Vulnerability Name: | CVE-2005-0248 (CCN-18868) | ||||||||
| Assigned: | 2005-01-10 | ||||||||
| Published: | 2005-01-10 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0248 Source: CCN Type: SA13803 Sun SMC GUI Account With Empty Password Creation Security Issue Source: SECUNIA Type: Patch, Vendor Advisory 13803 Source: CCN Type: SECTRACK ID: 1012860 Solaris Management Console (SMC) May Create New Accounts With Blank Passwords in Certain Cases Source: SECTRACK Type: UNKNOWN 1012860 Source: SUNALERT Type: Patch 57717 Source: CCN Type: Sun Alert ID: 57717 SMC Default Configuration GUI Creates User Accounts With Blank Password Instead of Locked Accounts Source: CCN Type: CIAC Information Bulletin P-096 Sun SMC Default Configuration GUI Creates User Accounts with Blank Password Instead of Locked Accounts Source: CIAC Type: Vendor Advisory P-096 Source: CCN Type: OSVDB ID: 12916 Sun SMC GUI Account Creation Default Null Password Source: BID Type: Patch 12260 Source: CCN Type: BID-12260 Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability Source: XF Type: UNKNOWN solaris-smc-blank-password(18868) Source: XF Type: UNKNOWN solaris-smc-blank-password(18868) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||