CVE-2007-5701: Infoleak
First published: Mon Oct 29 2007(Updated: )
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Domino | =7.0 | |
| IBM Lotus Domino | =6.5.5 | |
| IBM Lotus Domino | =6.5.6 | |
| IBM Lotus Domino | =6.5.6 | |
| IBM Lotus Domino | =6.5.5 | |
| IBM Lotus Domino | =7.0.2 | |
| IBM Lotus Domino | =7.0.2 | |
| IBM Lotus Domino | =7.0.2 | |
| IBM Lotus Domino | =6.5.5 | |
| IBM Lotus Domino | =6.5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus domino
- version/ibm lotus domino/7.0
- version/ibm lotus domino/6.5.5
- version/ibm lotus domino/6.5.6
- version/ibm lotus domino/7.0.2