oval:org.mitre.oval:def:255

Definition Id: oval:org.mitre.oval:def:255

Oval ID:	oval:org.mitre.oval:def:255
Title:	Clear Text Password Logging Vulnerability
Description:	Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0653	Version:	4
Platform(s):	Sun Solaris 9	Product(s):
Definition Synopsis:
Software section Solaris 9 (SPARC) meets Sun Alert ID 101519 criteria. Solaris 9 Installed AND sparc architecture AND Patch 112908-12 is installed AND NOT Patch 112908-13 or later installed OR Solaris 9 (x86) meets Sun Alert ID 101519 criteria. Solaris 9 Installed AND ix86 architecture AND Patch 115168-03 is installed AND NOT Patch 115168-04 or later installed AND Configuration section /etc/krb5/krb5.conf is configured as a kerberos client AND pam_krb5 is an auth module with debug enabled AND Logging of LOG_DEBUG level messages is enabled