Insecure Console Locking in CDE Screenlock Program on Solaris 2.6

Insecure Console Locking in CDE Screenlock Program on Solaris 2.6

CVE-1999-1025 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

Learn more about our Cis Benchmark Audit For Oracle Solaris.