Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
BID:12260
Info
Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
| Bugtraq ID: | 12260 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jan 13 2005 12:00AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: |
Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc |
| Not Vulnerable: | |
Discussion
Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
An insecure account creation vulnerability affects the Sun Solaris Management Console (SMC) Graphical User Interface. This issue is due to a failure of the application to securely create accounts that have no password specified.
An attacker may exploit this issue to authenticate to an affected system using a user account configured for password aging that was created without a password using the affected tool.
An insecure account creation vulnerability affects the Sun Solaris Management Console (SMC) Graphical User Interface. This issue is due to a failure of the application to securely create accounts that have no password specified.
An attacker may exploit this issue to authenticate to an affected system using a user account configured for password aging that was created without a password using the affected tool.
Exploit / POC
Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
Solution:
Sun has released patches for the affected operating systems.
Sun Solaris 9_x86
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Solution:
Sun has released patches for the affected operating systems.
Sun Solaris 9_x86
-
Sun 114193-20
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -114193-20-1 -
Sun 114504-08
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -114504-08-1
Sun Solaris 8_x86
-
Sun 109135-31
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -109135-31-1 -
Sun 113750-02
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113750-02-1
Sun Solaris 8_sparc
-
Sun 109134-31
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -109134-31-1 -
Sun 113749-02
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113749-02-1
Sun Solaris 9
References
Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
References:
References: