Sun Solaris contains a vulnerability in which systems configured as kerberos clients that have specific patches installed may log passwords in clear text.
According to the Sun Security Alert:
A local user with access to the log files could obtain another user's password.
Apply a patch
Disable logging of LOG_DEBUG level messages
This can be accomplished by the following steps:
2. Send a SIGHUP to syslogd:
This vulnerability was reported by Sun Microsystems Inc.
This document was written by Damon Morda.
|Date First Published:||2004-06-24|
|Date Last Updated:||2004-06-30 13:21 UTC|