Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 8 Operating System
Bug Id
4997883
Date of Resolved Release10-JAN-2005
Impact
User accounts created with the Solaris Management Console (SMC) GUI which are configured for password aging (the shadow(4) fields <min> and <max> fields will be set) may allow login without specifying a password.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 8 without patches 113749-02 and 109134-31
-
Solaris 9 without patches 114503-08 and 112945-29
x86 Platform
-
Solaris 8 without patches 113750-02 and 109135-31
-
Solaris 9 without patches 114504-08 and 114193-20
Note: Solaris 7 is not affected by this issue.
Symptoms
This issue can occur when a user account is created with SMC (default configuration) with aging fields set and no password supplied. The user account (when being created) is not prompted for a password.
Workaround
To work around the described issue, always supply a password while creating user accounts with SMC (locked by default).
Resolution
This issue is resolved in the following releases:
SPARC Platform
-
Solaris 8 with patches 113749-02 or later and 109134-31 or later
-
Solaris 9 with patches 114503-08 or later and 112945-29 or later
x86 Platform
-
Solaris 8 with patches 113750-02 or later and 109135-31 or later
-
Solaris 9 with patches 114504-08 or later and 114193-20 or later
Note: Both patches listed for each version of Solaris must be installed to resolve this issue.
Modification History
References
113749-02
109134-31
114503-08
112945-29
113750-02
109135-31
114504-08
114193-20
AttachmentsThis solution has no attachment