Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE ID: CVE-2007-5701
Last Modified: 07 Mar 2011 10:01:10
Published: 29 Oct 2007 05:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2007-5701

Summary

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Vulnerable Systems

Application

  • IBM Lotus Domino 6.5.5
  • IBM Lotus Domino 6.5.6
  • IBM Lotus Domino 7.0
  • IBM Lotus Domino 7.0.2

References

BID - 26176

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21261095

SECUNIA - 27321

XF - domino-ca-password-disclosure(37372)

VUPEN - ADV-2007-3598

OSVDB - 40952


Last Updated: 27 May 2016 10:46:14