CVE-2004-0653
Solaris 9 - Plaintext Password Exposure via pam_krb5 Debug Logging
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.
References (9)
Core References
http://www.securityfocus.com/bid/10606 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://www.ciac.org/ciac/bulletins/o-172.shtml (Patch, Vendor Advisory; third-party-advisory, government-resource, x_refsource_ciac)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1 (Vendor Advisory; vendor-advisory, x_refsource_sunalert)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065 (Third Party Advisory, VDB Entry; vdb-entry, signature, x_refsource_oval)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255 (Third Party Advisory, VDB Entry; vdb-entry, signature, x_refsource_oval)
http://secunia.com/advisories/11940/ (Third Party Advisory; third-party-advisory, x_refsource_secunia)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16450 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
http://www.kb.cert.org/vuls/id/523710 (Patch, Third Party Advisory, US Government Resource; third-party-advisory, x_refsource_cert-vn)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587 (Vendor Advisory; vendor-advisory, x_refsource_sunalert)
Scores
EPSS: 0.0018
EPSS Percentile: 39.5%
Details
Status: published
Products (1): sun/solaris 9.0
Published: Aug 06, 2004
Tracked Since: Feb 18, 2026