Back to search
CVE-2007-5701
Published: Oct 29, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
x_refsource_CONFIRM
domino-ca-password-disclosure(37372)
vdb-entry
x_refsource_XF
ADV-2007-3598
vdb-entry
x_refsource_VUPEN
40952
vdb-entry
x_refsource_OSVDB
26176
vdb-entry
x_refsource_BID
27321
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now