CVE-2004-0653 | Vulnerability Database | Aqua Security

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an auth module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users passwords by reading log files.

Affected Software

Name	Vendor	Start Version	End Version
Solaris	Sun	9.0 (including)	9.0 (including)

References

http://secunia.com/advisories/11940/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1
http://www.ciac.org/ciac/bulletins/o-172.shtml
http://www.kb.cert.org/vuls/id/523710
http://www.securityfocus.com/bid/10606
https://exchange.xforce.ibmcloud.com/vulnerabilities/16450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255
http://secunia.com/advisories/11940/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1
http://www.ciac.org/ciac/bulletins/o-172.shtml
http://www.kb.cert.org/vuls/id/523710
http://www.securityfocus.com/bid/10606
https://exchange.xforce.ibmcloud.com/vulnerabilities/16450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0653
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html