COMMAND

    passwd

SYSTEMS AFFECTED

    SCO OpenSERVER 5

PROBLEM

    The default login program doesn't prompt you for the old password
    once it has expired. And with the many passwd-file-stealing
    exploits, it's not hard to get the file, then analyze it to find
    which accounts have expired passwords (this data is kept in the
    last few characters of the password field). This vulnerability
    was made public by ultima@CORINNE.MAC.EDU

SOLUTION

    This is the default login program, but there are a lot of other
    login programs which can be used for this purpose.
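
    An administrator can audit for the exposed accounts ahead of time
    and reset or lock them. The script below is an added example, not
    part of the original advisory. It assumes the traditional System V
    aging encoding (a comma after the hash, then max weeks, min weeks
    and last-change week in radix-64); the function names and sample
    entries are constructed for illustration.

```python
import time

# Radix-64 alphabet used by a64l(3); assumed here for the aging suffix.
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def a64(s):
    """Decode least-significant-digit-first radix-64; '' decodes to 0."""
    return sum(A64.index(c) << (6 * i) for i, c in enumerate(s))

def aging(pw_field):
    """Return (max_weeks, min_weeks, last_change_week), or None if no aging."""
    if "," not in pw_field:
        return None
    age = pw_field.split(",", 1)[1]
    return a64(age[0:1]), a64(age[1:2]), a64(age[2:4])

def expired_accounts(passwd_text, now_week):
    """List (user, reason) for entries whose password must be changed."""
    found = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7:
            continue  # not a passwd entry
        try:
            info = aging(parts[1])
        except ValueError:
            found.append((parts[0], "malformed aging field"))
            continue
        if info is None:
            continue
        mx, mn, last = info
        if mx == 0 and mn == 0:
            found.append((parts[0], "change forced at next login"))
        elif last > now_week or (mx >= mn and now_week > last + mx):
            found.append((parts[0], "expired (last change week %d, max %d weeks)" % (last, mx)))
    return found

# Constructed sample entries; "x" stands in for the password hash.
SAMPLE = """\
alice:x,6/sJ:200:50:Alice:/usr/alice:/bin/sh
bob:x,A.OL:201:50:Bob:/usr/bob:/bin/sh
carol:x,..:202:50:Carol:/usr/carol:/bin/sh
dave:x:203:50:Dave:/usr/dave:/bin/sh
"""

if __name__ == "__main__":
    this_week = int(time.time()) // (7 * 24 * 3600)  # weeks since 1970
    for user, reason in expired_accounts(SAMPLE, this_week):
        print(user, reason)
```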