Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/10606 | vdb-entry x_refsource_BID |
| http://www.ciac.org/ciac/bulletins/o-172.shtml | third-party-advisory government-resource x_refsource_CIAC |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1 | vendor-advisory x_refsource_SUNALERT |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065 | vdb-entry signature x_refsource_OVAL |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255 | vdb-entry signature x_refsource_OVAL |
| http://secunia.com/advisories/11940/ | third-party-advisory x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16450 | vdb-entry x_refsource_XF |
| http://www.kb.cert.org/vuls/id/523710 | third-party-advisory x_refsource_CERT-VN |
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587 | vendor-advisory x_refsource_SUNALERT |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/10606 | vdb-entry x_refsource_BID x_transferred |
| http://www.ciac.org/ciac/bulletins/o-172.shtml | third-party-advisory government-resource x_refsource_CIAC x_transferred |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1 | vendor-advisory x_refsource_SUNALERT x_transferred |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065 | vdb-entry signature x_refsource_OVAL x_transferred |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255 | vdb-entry signature x_refsource_OVAL x_transferred |
| http://secunia.com/advisories/11940/ | third-party-advisory x_refsource_SECUNIA x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16450 | vdb-entry x_refsource_XF x_transferred |
| http://www.kb.cert.org/vuls/id/523710 | third-party-advisory x_refsource_CERT-VN x_transferred |
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587 | vendor-advisory x_refsource_SUNALERT x_transferred |