[原文]Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
iPlanet CMS has a flaw that allows a local or remote attacker to obtain the administrative password. The issue is due to the software storing the administrator password plaintext in the admin-serv/config/adm.conf file. Used in conjunction with other vulnerabilities present in this software, a remote attacker could request this file and obtain the password.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.