A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.