CVE-2007-5701

Properties

Published:
28.10.2007
Updated:
27.02.2008
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Product:
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino
    IBM: Lotus Domino

    Vulnerability description

    Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a"ca activate"or"ca unlock"command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

    References:

    http://www-1.ibm.com/support/docview.wss?uid=swg21261095: http://www-1.ibm.com/support/docview.wss?uid=swg21261095
    BID: http://www.securityfocus.com/bid/26176
    FRSIRT: http://www.frsirt.com/english/advisories/2007/3598
    SECUNIA: http://secunia.com/advisories/27321
    XF: http://xforce.iss.net/xforce/xfdb/37372