| VID |
14051 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The host system allows everyone to read encrypted passwords in /etc/passwd file. Shadow password is one way to keep encrypted passwords information a secret from normal users. Anyone can figure out a password by using program that can guess the password in the host system. So passwords information should be stored in /etc/shadow file for only administrators to read.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Contact your vendor for the host system to support shadow password. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
