CVE-2007-5701

Sažetak

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Reference

http://osvdb.org/40952
http://secunia.com/advisories/27321
http://www.securityfocus.com/bid/26176
http://www.vupen.com/english/advisories/2007/3598
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
https://exchange.xforce.ibmcloud.com/vulnerabilities/37372

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

29-10-2007 - 21:46