The /etc/shadow file can be relabeled (4388344)

If a user mistypes a password for a local account, the label of the /etc/shadow file may change. This can cause subsequent login attempts to fail.

Workaround: If you mistype the password for a local account, have the security administrator immediately relabel the /etc/shadow file as ADMIN_LOW.

Previous: bind and accept do not generate audit records (4256066)
Next: File system label ranges are not enforced for unlabeled NFS file systems (4150441)