Sun Internet Mail Server Cleartext Passwords During Installation Vulnerability

info
discussion
exploit
solution
references

Sun Internet Mail Server Cleartext Passwords During Installation Vulnerability

A vulnerability exists in the Sun Internet Mail Server, as distributed as part of the Solaris ISP Server 2.0 package. During installation, a file named /tmp/sims_setup.dat is created. This file contains all of the passwords relevant to SIMS in cleartext, and is world readable.