Korean
<< Back
VID 14051
Severity 40
Port 22
Protocol TCP
Class LSC
Detailed Description The host system allows everyone to read encrypted passwords in /etc/passwd file. Shadow password is one way to keep encrypted passwords information a secret from normal users. Anyone can figure out a password by using program that can guess the password in the host system. So passwords information should be stored in /etc/shadow file for only administrators to read.

* Platforms Affected:
UNIX, Linux
Recommendation Contact your vendor for the host system to support shadow password.
Related URL (CVE)
Related URL (SecurityFocus)
Related URL (ISS)