VID |
14051 |
Severity |
40 |
Port |
22 |
Protocol |
TCP |
Class |
LSC |
Detailed Description |
The host system allows everyone to read encrypted passwords in /etc/passwd file. Shadow password is one way to keep encrypted passwords information a secret from normal users. Anyone can figure out a password by using program that can guess the password in the host system. So passwords information should be stored in /etc/shadow file for only administrators to read.
* Platforms Affected: UNIX, Linux |
Recommendation |
Contact your vendor for the host system to support shadow password. |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|