CVE-2006-4763

Published: Sep 13, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

domino-token-session-hijack(28881)

vdb-entry

x_refsource_XF

20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access

mailing-list

x_refsource_BUGTRAQ

20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access

mailing-list

x_refsource_FULLDISC

http://www.fishnetsecurity.com/csirt/disclosure/ibm

x_refsource_MISC

19966

vdb-entry

x_refsource_BID

1571

third-party-advisory

x_refsource_SREASON

http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-4763

Description

Affected Products

References