Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
History
21 Nov 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/40952 - | |
References | () http://secunia.com/advisories/27321 - Patch, Vendor Advisory | |
References | () http://www-1.ibm.com/support/docview.wss?uid=swg21261095 - Patch | |
References | () http://www.securityfocus.com/bid/26176 - Patch | |
References | () http://www.vupen.com/english/advisories/2007/3598 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/37372 - | |
Information
Published : 2007-10-29 21:46
Updated : 2024-11-21 00:38
NVD link : CVE-2007-5701
Mitre link : CVE-2007-5701
CVE.ORG link : CVE-2007-5701
Products Affected
ibm
- lotus_domino