CVE-2004-0653: Solaris vulnerability

3 documents, 3 sources
Severity: 2.1 LOW (NVD)
EPSS: 0.2% (top 59.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 6
Latest update: Apr 29

Description

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (1 package)

NVD: sun/solaris 9.0

Patches

Vulnerability Details (2)

GHSA (2022-04-29): GHSA-wxgh-q2cx-wqqm: Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enable
CVEList (2004-07-13): CVE-2004-0653: Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enable
CVE-2004-0653 — SUN Solaris vulnerability | cvebase