Note: This is an archival copy of Security Sun Alert 200994 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000749.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
User accounts created with the Solaris Management Console (SMC) GUI which are configured for password aging (the shadow(4) fields <min> and <max> fields will be set) may allow login without specifying a password.
This issue can occur in the following releases:
Note: Solaris 7 is not affected by this issue.
This issue can occur when a user account is created with SMC (default configuration) with aging fields set and no password supplied. The user account (when being created) is not prompted for a password.
To work around the described issue, always supply a password while creating user accounts with SMC (locked by default).
This issue is resolved in the following releases:
Note: Both patches listed for each version of Solaris must be installed to resolve this issue.
This solution has no attachment