Lumension® Endpoint Intelligence Center



Vulnerability Score 2.1
CVE Id CVE-2007-5701
Last Modified 07 Mar 2011 10:01:10
Published 29 Oct 2007 05:46:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Vulnerable Systems


  • IBM Lotus Domino 6.5.5
  • IBM Lotus Domino 6.5.6
  • IBM Lotus Domino 7.0
  • IBM Lotus Domino 7.0.2


BID - 26176


SECUNIA - 27321

XF - domino-ca-password-disclosure(37372)

VUPEN - ADV-2007-3598

OSVDB - 40952

Last Updated: 27 May 2016 10:46:14